Security News > 2024 > January > Self-managed GitLab installations should be patched again (CVE-2024-0402)
Less than two weeks after having plugged a security hole that allows account takeover without user interaction, GitLab Inc. has patched a critical vulnerability in GitLab CE/EE again and is urging users to update their installations immediately.
GitLab Inc. operates GitLab.com and develops GitLab Community Edition and Enterprise Edition, a widely used software development platform with built-in version control, issue tracking, code review, etc.
As a self-managed platform, GitLab can be deployed on on-prem servers, Kubernetes, or with a cloud provider.
CVE-2024-0402 is a vulnerability that may allow an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.
Discovered by a GitLab team member, CVE-2024-0402 has been fixed in GitLab CE/EE versions 16.5.8, 16.6.6, 16.7.4, and 16.8.1.
"GitLab.com and GitLab Dedicated environments are already running the patched version," the company has added.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-26 | CVE-2024-0402 | Path Traversal vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace. | 9.9 |