Hello. There is a self-hosted GitLab installation. An exploit was found along the path gitlab-rails/uploads/-/system/temp/hash/file. The help file describes that directory as being used for custom uploads (avatars, note attachments, etc.; see Uploads administration | GitLab). Is it possible to find out who uploaded this file?
It sounds like a malicious actor attempted to exploit CVE-2021-22205 on your instance.
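Attributing the file is mostly a matter of matching its modification time against the request log. The script below is an added example, not code from this thread or from GitLab: it reads lines in the shape of GitLab's production_json.log (field names as documented for that log: time, method, path, status, remote_ip, username, ua; the sample lines are constructed), returns the POST requests to upload endpoints that landed closest to the file's mtime, and checks whether the file is really a DjVu container under an image extension, which is what public analyses of CVE-2021-22205 describe. The upload path prefix and the 120-second window are assumptions to adjust for your instance.

```python
import json
import os
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of production_json.log (one JSON object
# per line; field names as documented for that log). Not real traffic:
# line 1 is an ordinary authenticated upload, line 2 an unauthenticated
# POST from an automated client, line 3 unrelated noise.
SAMPLE_LOG = """\
{"method":"POST","path":"/uploads/user","status":200,"time":"2021-11-01T09:12:03.511Z","remote_ip":"10.0.0.5","username":"alice","ua":"Mozilla/5.0"}
{"method":"POST","path":"/uploads/user","status":422,"time":"2021-11-01T09:40:17.204Z","remote_ip":"203.0.113.77","username":null,"ua":"python-requests/2.26.0"}
{"method":"GET","path":"/-/readiness","status":200,"time":"2021-11-01T09:40:18.001Z","remote_ip":"127.0.0.1","username":null,"ua":"curl/7.68.0"}
"""

# Assumption: request paths under which uploads arrive on this instance.
UPLOAD_PATH_PREFIXES = ("/uploads/",)


def parse_time(ts):
    """Parse the ISO-8601 UTC timestamps written by production_json.log."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(ts, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised timestamp: {ts!r}")


def find_upload_requests(log_text, file_mtime, window=timedelta(seconds=120)):
    """Return POST requests to upload endpoints logged within `window` of the
    file's modification time, closest first. Unauthenticated requests carry
    username null, so for CVE-2021-22205 the remote_ip is usually all you get."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("method") != "POST":
            continue
        if not str(rec.get("path", "")).startswith(UPLOAD_PATH_PREFIXES):
            continue
        delta = abs(parse_time(rec["time"]) - file_mtime)
        if delta <= window:
            hits.append({**rec, "seconds_from_file": delta.total_seconds()})
    return sorted(hits, key=lambda r: r["seconds_from_file"])


def looks_like_djvu(data):
    """True if the bytes are a DjVu container (IFF 'AT&TFORM' header with a
    DJVU/DJVM form), whatever extension the file was uploaded under."""
    return data[:8] == b"AT&TFORM" and data[12:16] in (b"DJVU", b"DJVM")


def has_metadata_chunk(data):
    """ExifTool parses a DjVu '(metadata ...)' block; its presence in an
    'image' upload is worth flagging for manual review."""
    return b"(metadata" in data


def triage_file(path):
    """Collect what is needed to correlate one temp upload with the log."""
    with open(path, "rb") as fh:
        head = fh.read(4096)
    st = os.stat(path)
    return {
        "path": path,
        "mtime": datetime.fromtimestamp(st.st_mtime, tz=timezone.utc),
        "size": st.st_size,
        "djvu": looks_like_djvu(head),
        "metadata_chunk": has_metadata_chunk(head),
    }


if __name__ == "__main__":
    # Stand-in for the mtime of the suspicious file; on a real instance take
    # it from triage_file("/var/opt/gitlab/gitlab-rails/uploads/-/system/temp/<hash>/<file>")["mtime"].
    mtime = datetime(2021, 11, 1, 9, 40, 17, 800000, tzinfo=timezone.utc)
    for hit in find_upload_requests(SAMPLE_LOG, mtime):
        print(f"{hit['time']} {hit['remote_ip']} user={hit['username']} "
              f"{hit['path']} status={hit['status']} ua={hit['ua']}")
```

Two caveats when running this against a real instance: production_json.log rotates, so the lines from before the upgrade may only exist in the rotated (often gzipped) files next to it, and if GitLab sits behind a reverse proxy the remote_ip may be the proxy's address, in which case the proxy's own access log is the place to look for the real source.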
Thank you. Indeed, it looks like it is. The instance has already been updated, but it seems that the attacker managed to exploit the vulnerability before the update.