Improper limitation of a pathname to a restricted directory (Path traversal)

Description

The vulnerability can be exploited by inserting a payload into a parameter on the URL endpoint which allows for reading arbitrary files. This could be used to read sensitive files, access other users data, or aid in exploitation to gain further system access.

Remediation

User input should never be used in constructing paths or files for interacting with the filesystem. This includes filenames supplied by user uploads or downloads.

If possible, consider hashing the filenames and reference the hashed filenames in a database or datastore instead of directly attempting to access filenames provided by users or other system components.

In the rare cases that the application must work with filenames, use the language provided functionality to extract only the filename part of the supplied value. Never attempt to use the path or directory information that comes from user input.

Details

ID	Aggregated	CWE	Type	Risk
22.1	false	22	Active	high

Help & feedback

Docs

Edit this page to fix an error or add an improvement in a merge request.
Create an issue to suggest an improvement to this page.

Product

Create an issue if there's something you don't like about this feature.
Propose functionality by submitting a feature request.
Join First Look to help shape new features.

Feature availability and product trials

View pricing to see all GitLab tiers and features, or to upgrade.
Try GitLab for free with access to all features for 30 days.

Get Help

If you didn't find what you were looking for, search the docs.

If you want help with something specific and could use community support, post on the GitLab forum.

For problems setting up or using this feature (depending on your GitLab subscription).

Request support