Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2024-0402

HistoryJan 26, 2024 - 1:15 a.m.

CVE-2024-0402

2024-01-2601:15:08

Debian Security Bug Tracker

security-tracker.debian.org

gitlab

ce/ee

file write

vulnerability

version 16.8.1

authenticated user

workspace

server

unix

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

29.9%

JSON

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.

OSVersionArchitecturePackageVersionFilename
Debian999allgitlab< 16.6.6-1gitlab_16.6.6-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	999	all	gitlab	< 16.6.6-1	gitlab_16.6.6-1_all.deb

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

29.9%

JSON

Related for DEBIANCVE:CVE-2024-0402