
CVE-2023-3385: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab GitLab

Severity: Medium
Tags: Vulnerability, CVE-2023-3385, CWE-22
Published: Tue Aug 01 2023 (08/01/2023, 23:35:55 UTC)
Source: CVE
Vendor/Project: GitLab
Product: GitLab

Description

An issue has been discovered in GitLab affecting all versions starting from 8.10 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Under specific circumstances, a user importing a project 'from export' could access and read unrelated files via uploading a specially crafted file. This was due to a bug in `tar`, fixed in [`tar-1.35`](https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html).

AI-Powered Analysis

Last updated: 07/07/2025, 11:25:29 UTC

Technical Analysis

CVE-2023-3385 is a path traversal vulnerability (CWE-22) affecting GitLab versions from 8.10 before 16.0.8, from 16.1 before 16.1.3, and from 16.2 before 16.2.2. The vulnerability arises when a user imports a project 'from export' and uploads a specially crafted file. Because path names inside the uploaded tar archive were not properly limited to the import directory, an attacker can use this flaw to access and read files outside the intended directory scope. This occurs because the tar utility GitLab relies on did not properly sanitize file paths, allowing traversal sequences (e.g., ../) to escape the restricted directory; the issue was linked to a bug in tar fixed in tar-1.35. The vulnerability has a CVSS v3.1 base score of 6.3 (medium severity). The attack vector is network-based (AV:N), requiring low privileges (PR:L) but high attack complexity (AC:H), and no user interaction (UI:N). The impact is on confidentiality only (C:H), with no impact on integrity or availability. No known exploits in the wild have been reported. The affected range covers many GitLab versions still in use, and successful exploitation could allow unauthorized reading of sensitive files on the GitLab server, potentially exposing credentials, configuration files, or other sensitive data. The vulnerability is particularly relevant for organizations that allow project imports from external sources or untrusted users.
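As an added illustration (not code from this page, from GitLab, or from GNU tar), the Python pre-check below shows the kind of entry validation an import pipeline needs before extracting an untrusted archive: it rejects members whose names or link targets would land outside the destination directory, which is exactly the containment that failed here. The destination path and the sample archive are constructed for the example.

```python
import io
import os
import tarfile


def escapes_destination(dest: str, member: tarfile.TarInfo) -> bool:
    """True if extracting `member` into `dest` would write, or create a
    link pointing, outside `dest`. Policy: absolute names and any '..'
    path component are rejected outright; link targets must resolve inside."""
    dest = os.path.realpath(dest)
    name = member.name
    if name.startswith("/") or ".." in name.split("/"):
        return True
    if member.issym() or member.islnk():
        # Symlink targets are relative to the link's own directory; tar hard
        # link targets are relative to the archive root (the extraction dir).
        base = os.path.dirname(os.path.join(dest, name)) if member.issym() else dest
        target = os.path.realpath(os.path.join(base, member.linkname))
        if os.path.commonpath([dest, target]) != dest:
            return True
    return False


def triage_archive(data: bytes, dest: str) -> tuple[list[str], list[str]]:
    """Split archive members into (accepted, rejected) names without extracting."""
    accepted, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar.getmembers():
            (rejected if escapes_destination(dest, member) else accepted).append(member.name)
    return accepted, rejected


def build_sample_archive() -> bytes:
    """Constructed sample: a legitimate file, a '..' traversal entry, an
    absolute-path entry, a benign in-tree symlink and an escaping symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in [("project/README.md", b"hello\n"),
                              ("../../etc/secret.conf", b"x"),
                              ("/etc/shadow", b"x")]:
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
        for name, linkname in [("project/docs-link", "../README.md"),
                               ("project/escape", "../../../etc/passwd")]:
            link = tarfile.TarInfo(name)
            link.type = tarfile.SYMTYPE
            link.linkname = linkname
            tar.addfile(link)
    return buf.getvalue()
```

Calling `triage_archive(build_sample_archive(), "/srv/gitlab-import")` accepts only the README and the in-tree symlink and rejects the three escaping entries; a real import should refuse the whole archive on any rejection rather than extract the remainder.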

Potential Impact

For European organizations using GitLab, this vulnerability poses a significant risk to the confidentiality of sensitive data stored on GitLab servers. Unauthorized access to configuration files, private keys, or source code could lead to further compromise, intellectual property theft, or leakage of personal data protected under GDPR. Since GitLab is widely used across Europe for software development and DevOps workflows, exploitation could impact a broad range of sectors including finance, healthcare, government, and critical infrastructure. The medium severity score reflects the need for caution, especially given the high attack complexity which may limit exploitation to skilled attackers. However, the low privilege requirement means that any authenticated user with project import permissions could potentially exploit this flaw, increasing the risk in environments with many users or less restrictive access controls. The confidentiality breach could also lead to compliance violations and reputational damage for affected organizations.

Mitigation Recommendations

European organizations should immediately verify their GitLab versions and upgrade to patched versions 16.0.8, 16.1.3, or 16.2.2 or later where this vulnerability is fixed. If upgrading is not immediately feasible, organizations should restrict project import functionality to trusted users only and audit recent imports for suspicious activity. Implement strict access controls and monitoring around GitLab project import features. Additionally, review and harden file system permissions on GitLab servers to limit exposure of sensitive files. Organizations should also ensure that the underlying tar utility is updated to version 1.35 or later to mitigate the root cause. Regularly scanning GitLab logs for unusual file access patterns and employing intrusion detection systems can help detect exploitation attempts. Finally, organizations should educate developers and administrators about this vulnerability and incorporate it into their vulnerability management and patching processes.


Technical Details

Data Version: 5.1
Assigner Short Name: GitLab
Date Reserved: 2023-06-23T10:15:05.337Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682ea68a0acd01a249253f32

Added to database: 5/22/2025, 4:22:34 AM

Last enriched: 7/7/2025, 11:25:29 AM

Last updated: 7/31/2025, 2:10:36 AM

