Arbitrary File Write Vulnerability Affects GitLab Servers
Key Information
- Vendor: GitLab
- Status: GitLab / Vendor
- CVE Published: 26 January 2024
Summary
A critical vulnerability, CVE-2024-0402, has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace. Although it has not been exploited in the wild, it could potentially be exploited to deliver malware. GitLab has released patches for this vulnerability in versions 16.5.8, 16.6.6, 16.7.4, and 16.8.1. Additionally, the company has fixed four medium-severity vulnerabilities in these releases. Users are advised to update their installations immediately to mitigate the risk of exploitation and protect sensitive data.
Affected Version(s)
- GitLab < 16.5.8
- GitLab < 16.6.6
- GitLab < 16.7.4
News Articles
- Week in review: Windows Event Log zero-day, exploited critical Jenkins RCE flaw - Help Net Security
  Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Prioritizing cybercrime intelligence for effective
  10 months ago
- GitLab Vulnerability CVE-2024-0402 Exposes File Overwrite Risk
  New GitLab vulnerability exposes critical file overwrite risk. Users urged to update immediately to safeguard their data and workflows.
  10 months ago
- 2nd critical GitLab patch of 2024 fixes arbitrary file writing bug
  CVE-2024-0402, CVSS score 9.9, may affect more than 4,800 unpatched GitLab servers.
  10 months ago
CVSS V3.1
Timeline
- Exploit exists.
- Vulnerability started trending.
- First article discovered by Penetration Testing.
- Vulnerability published.
- Vulnerability reserved.