BIT-GITLAB-2024-0402 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab

🗓️ 06 Mar 2024 10:53:34Reported by GoogleType

osv🔗 osv.dev👁 20 Views

An issue in GitLab CE/EE allows authenticated user to write files to arbitrary locations on the server while creating a workspace

Reporter	Title	Published	Views	Family All 22
FreeBSD	Gitlab -- vulnerabilities	25 Jan 202400:00	–	freebsd
ATTACKERKB	CVE-2024-0402	26 Jan 202401:15	–	attackerkb
BDU FSTEC	The vulnerability of the Git-based software platform for collaborative code development on GitLab arises from an incorrect limitation on the path name for the restricted access directory. This allows a malicious user to write files to arbitrary locations on the server when creating a working area.	29 Jan 202400:00	–	bdu_fstec
Circl	CVE-2024-0402	26 Jan 202402:26	–	circl
CNNVD	GitLab Security Breach	26 Jan 202400:00	–	cnnvd
CVE	CVE-2024-0402	26 Jan 202401:02	–	cve
Cvelist	CVE-2024-0402 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab	26 Jan 202401:02	–	cvelist
Debian CVE	CVE-2024-0402	26 Jan 202401:02	–	debiancve
Tenable Nessus	FreeBSD : Gitlab -- vulnerabilities (61fe903b-bc2e-11ee-b06e-001b217b3468)	27 Jan 202400:00	–	nessus
Tenable Nessus	GitLab 16.0 < 16.5.8 / 16.6 < 16.6.6 / 16.7 < 16.7.4 / 16.8 < 16.8.1 (CVE-2024-0402)	25 Jan 202400:00	–	nessus

Source	Link
about	www.about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/437819
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-0402

20 May 2025 10:02Current

9.1High risk

Vulners AI Score9.1

CVSS 3.19.9

EPSS0.03302

SSVC