URGENT: Upgrade GitLab - Critical Workspace Creation Flaw Allows File Overwrite
2024-01-30 16:18

GitLab once again released fixes to address a critical security flaw in its Community Edition (CE) and Enterprise Edition (EE) that could be exploited to write arbitrary files while creating a workspace. Tracked as CVE-2024-0402, the vulnerability has a CVSS score of 9.9 out of a maximum of 10. "An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to


News URL

https://thehackernews.com/2024/01/urgent-upgrade-gitlab-critical.html

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-26 | CVE-2024-0402 | Path Traversal vulnerability in Gitlab. An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace. | network; low complexity; gitlab CWE-22; critical; 9.9 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Gitlab 10 47 736 246 58 1087