The vulnerability of the Git-based software platform for collaborative code development on GitLab arises from an incorrect limitation on the path name for the restricted access directory. This allows a malicious user to write files to arbitrary locations on the server when creating a working area.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to an incorrect restriction on the path name of the restricted directory. Exploiting this vulnerability allows a malicious actor to perform file writing operations at arbitrary locations o...

Reprise License Manager 15.1 Privilege Escalation / File Write

Multiple Vulnerabilities in Reprise License Manager 15.1 CVE-2023-43183, CVE-2023-44031 Credit: Mohaiman Rahim...

SUSE CVE-2023-52076

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the use...

SUSE-SU-2024:0248-1 Security update for cpio

This update for cpio fixes the following issues: - CVE-2023-7207: Fixed a path traversal issue that could lead to an arbitrary file write during archive extraction bsc1218571...

UBUNTU-CVE-2024-0402

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace...

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in GitLab CE/EE version 16.0 up to and includin...

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could vulnerabilities to exploit attacks that can result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution Administrator/Root rights...

CVE-2023-52076

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the use...

DEBIAN-CVE-2023-52076

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the use...

CVE-2023-52076

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the use...

Path traversal

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the use...

CVE-2023-52076

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the use...

CVE-2023-52076

Atril Document Viewer (MATE) is vulnerable to a path traversal and arbitrary file write flaw in versions preceding 1.26.2, allowing writing arbitrary files to locations accessible by the user opening a crafted document. The vulnerability originates from Atril’s EPUB/document parsing flow and, per...

CVE-2023-52076 Remote Code Execution Vulnerability in Atril's EPUB ebook parsing

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the use...

Gitlab -- vulnerabilities

Gitlab reports: Arbitrary file write while creating workspace ReDoS in Cargo.toml blob viewer Arbitrary API PUT requests via HTML injection in user's name Disclosure of the public email in Tags RSS Feed Non-Member can update MR Assignees of owned MRs...

PT-2024-1286

Name of the Vulnerable Software and Affected Versions GitLab versions 16.0 through 16.5.7 GitLab versions 16.6 through 16.6.5 GitLab versions 16.7 through 16.7.3 GitLab versions 16.8 through 16.8.0 Description The issue is related to an incorrect restriction of the path name to a directory with...

RHCOS 4 : OpenShift Container Platform 4.10.62 (RHSA-2023:3625)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3625 advisory. - xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow...

VulnCheck KEV: CVE-2021-45420

Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi. An attacker will be able to write any file on the target system without any kind of authentication mechanism, and this can...

CVE-2023-5716

ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission...

CVE-2023-5716 ASUS Armoury Crate - Arbitrary File Write

ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to access or modify arbitrary files by sending specific HTTP requests without permission...