How to find the user who uploaded the file

Hello. There is a self hosted gitlab installation. An exploit was found along the path gitlab-ralis/uploads/-/system/temp/hash/file. The help file describes that the directory is used for custom uploads (avatars, note attachments, etc. Uploads administration | GitLab). Is it possible to find out who uploaded this file?

It sounds like a malicious actor attempted to exploit CVE-2021-22205 on your instance.


Thank you. Indeed, it looks like it is. The instance has already been updated, but it seems that the attacker managed to exploit the vulnerability before the update

1 Like