Think you have a false positive on this rule?

Sid 1-51052

Message

FILE-OTHER Gitlab directory traversal attempt

Summary

This event is generated when a file containing a Gitlab directory traversal attempt is detected.

Impact

Attempted User Privilege Gain

Detailed information

Affected systems

  • GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 (according to NIST)

Ease of attack

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • CVE-2018-14364
  • gitlab.com/gitlab-org/gitlab-ce/issues/49133