GitLab GitHub Repo Import Deserialization Remote Code Execution
An authenticated user can import a repository from GitHub into GitLab. If
a user attempts to import a repo from an attacker-controlled server, the
server will reply with a Redis serialization protocol object in the nested default_branch. GitLab will cache this object and then deserialize it when trying to load a user session, resulting in remote code execution.
https://packetstormsecurity.com/files/171008/gitlab_github_import_rce_cve_2022_2992.rb.txt
Wed, 15 Feb 2023 18:22:08 GMT
________________________________
--- The information is for inforamtional purposes only.
* Origin: Read us with
http://winpoint.org JID:
rs@captflint.com (2:467/4.444)