{"id":4517,"date":"2023-12-13T15:41:09","date_gmt":"2023-12-13T15:41:09","guid":{"rendered":"https:\/\/secry.me\/explore\/?p=4517"},"modified":"2023-12-14T01:11:33","modified_gmt":"2023-12-14T01:11:33","slug":"gitlab-rce-when-removing-metadata-with-exiftool","status":"publish","type":"post","link":"https:\/\/secry.me\/explore\/gitlab-rce-when-removing-metadata-with-exiftool\/","title":{"rendered":"Gitlab Workhorse RCE when Removing MetaData with ExifTool: $20k Bounty"},"content":{"rendered":"<h3>GitLab Exiftool RCE in Image Upload<\/h3>\n<p><strong>GitLab Workhorse RCE &#8211; Gitlab File Upload to RCE &#8211;<\/strong> In April 2021, the security researcher known as <strong>vakzz<\/strong> uncovered a <a href=\"https:\/\/secry.me\/explore\/bug-bounty\/usd-20k-gitlab-rce-when-removing-metadata-with-exiftool\/\">critical vulnerability in GitLab<\/a>&#8216;s image upload process that could lead to remote code execution (RCE). The flaw lies in GitLab Workhorse, which, when handling certain image file types, hands the uploaded file to ExifTool for processing. ExifTool, in turn, mishandles DjVu files, and that is where the code execution happens.<\/p>\n<h3>Details of the Vulnerability<\/h3>\n<p>When an image is uploaded, GitLab Workhorse runs ExifTool to strip non-allowlisted tags from files with jpg, jpeg, or tiff extensions. ExifTool, however, determines the file type from the file&#8217;s content rather than its extension, so a DjVu file uploaded under one of those extensions is still parsed as DjVu. Within the DjVu annotation, tokens are evaluated in order to &#8220;convert C escape sequences.&#8221; Although the tokens are validated first, a backslash followed by a newline slips past that check and allows arbitrary Perl code to be injected into the evaluated string.<\/p>\n<h3>Potential Exploitation: Steps to Gitlab RCE via image upload<\/h3>\n<p>To illustrate the severity, <strong>vakzz<\/strong> provided two example files, &#8216;echo_vakzz.jpg.zip&#8217; and &#8216;reverse_shell.jpg.zip&#8217;. The former carries metadata whose processing creates a file on the server, proving that injected code runs; the latter opens a reverse shell, fully compromising the server.<\/p>\n<h4>Metadata Code:<\/h4>\n<p>Within the DjVu annotation of &#8216;echo_vakzz.jpg.zip&#8217;, the problematic metadata is as follows:<\/p>\n<pre class=\"wp-block-code\"><code>(metadata\r\n(Copyright \"\\\r\n\" . qx{echo vakzz &gt;\/tmp\/vakzz} . \\\r\n\" b \") )<\/code><\/pre>\n<p>Because the validation does not reject a backslash followed by a newline, this token reaches eval intact: the embedded quotes close the Copyright string early, and the qx{...} expression that follows is evaluated as Perl, running the shell command on the server.<\/p>\n<h3>Impact of the Vulnerability:<\/h3>\n<p>Any user who can upload an image that GitLab Workhorse processes could exploit this flaw to achieve remote code execution. The exposure is not limited to the intended TIFF and JPEG handling: because ExifTool identifies formats by content, it parses a far broader range of file types, which significantly expands the attack surface.<\/p>\n<h3>Recommendations and GitLab&#8217;s Response<\/h3>\n<p>Following this discovery, it is crucial for GitLab to reconsider the approach of converting C escape sequences with &#8216;eval&#8217;. Additionally, restricting ExifTool to the TIFF and JPEG modules only, and checking that an upload is actually a valid file of the claimed type before it is handed to ExifTool, would mitigate the risk. This vulnerability earned a bug bounty reward of <strong>$20000<\/strong>, underlining the importance of prompt resolution to protect the platform&#8217;s security and integrity.<\/p>\n<h3>Conclusion<\/h3>\n<p>The security community played a vital role in identifying and addressing this threat, and GitLab was urged to rectify the vulnerability swiftly to preserve the security and integrity of its platform. Advisors recommended that users stay vigilant and monitor GitLab&#8217;s official communications for patches or updates addressing this issue.<\/p>\n<p>HackerOne report of GitLab Workhorse RCE <a href=\"https:\/\/hackerone.com\/reports\/1154542\" target=\"_blank\" rel=\"nofollow noopener\">here<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>GitLab Exiftool RCE in Image Upload GitLab Workhorse RCE &#8211; Gitlab File Upload to RCE &#8211; In 2021, April, Security researcher, known as vakzz, uncovered a critical vulnerability in GitLab&#8216;s image upload process, potentially enabling remote code execution (RCE). The flaw lies in GitLab Workhorse, which, when handling certain image file types, inadvertently passes files [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":4539,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[136,126,105],"tags":[430,162,428,429,11],"class_list":{"0":"post-4517","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-bug-bounty","8":"category-file-upload","9":"category-rce","10":"tag-exiftool","11":"tag-gitlab","12":"tag-gitlab-workhorse","13":"tag-metadata","14":"tag-rce"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.4 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Gitlab Workhorse RCE when Removing MetaData with ExifTool: $20k Bounty | SECRY<\/title>\n<meta name=\"description\" content=\"GitLab Exiftool RCE in Image Upload GitLab Workhorse RCE - Gitlab File Upload to RCE - In 2021, April, Security researcher, known as vakzz, uncovered a\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" 
href=\"https:\/\/secry.me\/explore\/gitlab-rce-when-removing-metadata-with-exiftool\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Gitlab Workhorse RCE when Removing MetaData with ExifTool: $20k Bounty | SECRY\" \/>\n<meta property=\"og:description\" content=\"GitLab Exiftool RCE in Image Upload GitLab Workhorse RCE - Gitlab File Upload to RCE - In 2021, April, Security researcher, known as vakzz, uncovered a\" \/>\n<meta property=\"og:url\" content=\"https:\/\/secry.me\/explore\/gitlab-rce-when-removing-metadata-with-exiftool\/\" \/>\n<meta property=\"og:site_name\" content=\"SECRY\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/secry.me\" \/>\n<meta property=\"article:published_time\" content=\"2023-12-13T15:41:09+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-12-14T01:11:33+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/secryweb.sirv.com\/WP_secry.me\/2023\/12\/GitLab-Workhorse-RCE.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Christin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Christin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/gitlab-rce-when-removing-metadata-with-exiftool\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/gitlab-rce-when-removing-metadata-with-exiftool\\\/\"},\"author\":{\"name\":\"Christin\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/person\\\/acc5b116f6d4870e1ecd6928630104f5\"},\"headline\":\"Gitlab Workhorse RCE when Removing MetaData with ExifTool: $20k Bounty\",\"datePublished\":\"2023-12-13T15:41:09+00:00\",\"dateModified\":\"2023-12-14T01:11:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/gitlab-rce-when-removing-metadata-with-exiftool\\\/\"},\"wordCount\":477,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/gitlab-rce-when-removing-metadata-with-exiftool\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/GitLab-Workhorse-RCE.png\",\"keywords\":[\"Exiftool\",\"Gitlab\",\"Gitlab Workhorse\",\"Metadata\",\"rce\"],\"articleSection\":[\"Bug Bounty\",\"File Upload\",\"RCE\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/secry.me\\\/explore\\\/gitlab-rce-when-removing-metadata-with-exiftool\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/gitlab-rce-when-removing-metadata-with-exiftool\\\/\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/gitlab-rce-when-removing-metadata-with-exiftool\\\/\",\"name\":\"Gitlab Workhorse RCE when Removing MetaData with ExifTool: $20k Bounty | 
SECRY\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/gitlab-rce-when-removing-metadata-with-exiftool\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/gitlab-rce-when-removing-metadata-with-exiftool\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/GitLab-Workhorse-RCE.png\",\"datePublished\":\"2023-12-13T15:41:09+00:00\",\"dateModified\":\"2023-12-14T01:11:33+00:00\",\"description\":\"GitLab Exiftool RCE in Image Upload GitLab Workhorse RCE - Gitlab File Upload to RCE - In 2021, April, Security researcher, known as vakzz, uncovered a\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/gitlab-rce-when-removing-metadata-with-exiftool\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/secry.me\\\/explore\\\/gitlab-rce-when-removing-metadata-with-exiftool\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/gitlab-rce-when-removing-metadata-with-exiftool\\\/#primaryimage\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/GitLab-Workhorse-RCE.png\",\"contentUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/GitLab-Workhorse-RCE.png\",\"width\":1280,\"height\":720,\"caption\":\"GitLab Workhorse Image Upload to RCE\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/gitlab-rce-when-removing-metadata-with-exiftool\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/secry.me\\\/explore\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Gitlab Workhorse RCE when Removing MetaData with ExifTool: $20k 
Bounty\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#website\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/\",\"name\":\"SECRY\",\"description\":\"#1 Cyber [SEC]urity Sto[RY]  -  News &amp; Bug Bounty Story Collections\",\"publisher\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\"},\"alternateName\":\"Security Story\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/secry.me\\\/explore\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\",\"name\":\"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections\",\"alternateName\":\"SECRY\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/secryweb.sirv.com\\\/WP_secry.me\\\/2022\\\/06\\\/cropped-SECRY.webp\",\"contentUrl\":\"https:\\\/\\\/secryweb.sirv.com\\\/WP_secry.me\\\/2022\\\/06\\\/cropped-SECRY.webp\",\"width\":512,\"height\":512,\"caption\":\"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story 
Collections\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/secry.me\",\"https:\\\/\\\/pinterest.com\\\/secry_me\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/person\\\/acc5b116f6d4870e1ecd6928630104f5\",\"name\":\"Christin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"caption\":\"Christin\"},\"description\":\"A cybersecurity practitioner with more than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.\",\"sameAs\":[\"https:\\\/\\\/secry.me\\\/explore\"],\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/author\\\/secry\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->"}