Self-managed GitLab installations should be patched again (CVE-2024-0402)
2024-01-30 11:51

Less than two weeks after having plugged a security hole that allows account takeover without user interaction, GitLab Inc. has patched a critical vulnerability in GitLab CE/EE again and is urging users to update their installations immediately.

GitLab Inc. operates GitLab.com and develops GitLab Community Edition and Enterprise Edition, a widely used software development platform with built-in version control, issue tracking, code review, etc.

As a self-managed platform, GitLab can be deployed on on-prem servers, Kubernetes, or with a cloud provider.

CVE-2024-0402 is a vulnerability that may allow an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.

Discovered by a GitLab team member, CVE-2024-0402 has been fixed in GitLab CE/EE versions 16.5.8, 16.6.6, 16.7.4, and 16.8.1.

"GitLab.com and GitLab Dedicated environments are already running the patched version," the company has added.


News URL

https://www.helpnetsecurity.com/2024/01/30/self-managed-gitlab-installations-should-be-patched-again-cve-2024-0402/

Related Vulnerability

DATE: 2024-01-26
CVE: CVE-2024-0402
VULNERABILITY TITLE: Path Traversal vulnerability in Gitlab
DESCRIPTION: An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.
ATTACK VECTOR: network, low complexity
VENDOR / WEAKNESS: gitlab, CWE-22
RISK: critical (9.9)
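An added example (not code from the news item or from GitLab) that turns the affected ranges above and the fixed releases named in the article (16.5.8, 16.6.6, 16.7.4, 16.8.1) into a check an administrator can run against their own instance's version string; the sample version "16.7.3-ee" is a constructed value, and the recommended upgrade target for the 16.0 to 16.4 branches (which received no backport) is an assumption based on 16.8.1 being the newest fixed release listed.

```python
# Added example, not from the news item or from GitLab: classify a self-managed
# GitLab version against the CVE-2024-0402 ranges (16.0 prior to 16.6.6,
# 16.7 prior to 16.7.4, 16.8 prior to 16.8.1) and the fixed releases the
# article names (16.5.8, 16.6.6, 16.7.4, 16.8.1).
from __future__ import annotations

import re
import sys

AFFECTED_SINCE = (16, 0)         # first affected branch per the advisory
LAST_AFFECTED_BRANCH = (16, 8)   # later branches already contain the fix
FIXED_PATCH = {(16, 5): 8, (16, 6): 6, (16, 7): 4, (16, 8): 1}  # branch -> first fixed patch level
NEWEST_FIXED = "16.8.1"          # assumption: target for branches with no backport

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(?:ce|ee))?$")


def parse_version(version: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH' with an optional '-ce' / '-ee' suffix."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return major, minor, patch


def assess(version: str) -> tuple[str, str | None]:
    """Return (status, recommended_upgrade).

    status is 'vulnerable', 'patched' or 'unaffected' (outside the listed
    ranges). recommended_upgrade is the fixed release on the same branch
    where one exists, otherwise NEWEST_FIXED.
    """
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch < AFFECTED_SINCE or branch > LAST_AFFECTED_BRANCH:
        return "unaffected", None
    fixed = FIXED_PATCH.get(branch)
    if fixed is None:
        # 16.0 to 16.4 have no backported fix: move to a fixed branch.
        return "vulnerable", NEWEST_FIXED
    if patch >= fixed:
        return "patched", None
    return "vulnerable", f"{major}.{minor}.{fixed}"


if __name__ == "__main__":
    # "16.7.3-ee" is a constructed sample value used when no argument is given.
    for arg in sys.argv[1:] or ["16.7.3-ee"]:
        status, target = assess(arg)
        print(f"{arg}: {status}" + (f" -> upgrade to {target}" if target else ""))
```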

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Gitlab 10 93 797 116 16 1022