CVE-2023-3385: 
GitLab vulnerability analysis and mitigation

An issue was discovered in GitLab affecting all versions starting from 8.10 before 16.0.8, all versions starting from 16.1 before 16.1.3, and all versions starting from 16.2 before 16.2.2. Under specific circumstances, a user importing a project 'from export' could access and read unrelated files via uploading a specially crafted file. This vulnerability was due to a bug in tar, which was later fixed in tar-1.35 (GitLab Release, NVD).

The vulnerability is classified as a path traversal issue (CWE-22) with a CVSS v3.1 base score of 6.3 (Medium) and vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N. The issue allows an attacker to read arbitrary files owned by the 'git' user through a malicious tar.gz file upload during project import functionality. The vulnerability exploits a specific behavior in GNU tar when extracting a tarball to an empty directory, where extracted files could become hard links to files outside the intended directory (GitLab Issue).

The vulnerability allows unauthorized access to read any files owned or writable by the 'git' user or the 'git' group on the same partition where the tar command runs. This includes access to repositories, gitlab-rails files, uploads, LFS storage, cache, CI secure files, encrypted settings, external-diffs, and cached exports. While this attack does not directly lead to remote code execution, it compromises the confidentiality of protected data on the GitLab instance (GitLab Issue).

The vulnerability has been patched in GitLab versions 16.0.8, 16.1.3, and 16.2.2. The recommended mitigation involves inspecting tarballs with 'tar tvvf' and refusing to process them if they contain soft or hard links. Additionally, ensuring that tarballs are extracted on a partition that doesn't contain sensitive files can prevent exploitation, as hard links cannot cross device boundaries (GitLab Release).