9 matches found
URGENT: Upgrade GitLab - Critical Workspace Creation Flaw Allows File Overwrite
GitLab once again released fixes to address a critical security flaw in its Community Edition CE and Enterprise Edition EE that could be exploited to write arbitrary files while creating a workspace. Tracked as CVE-2024-0402, the vulnerability has a CVSS score of 9.9 out of a maximum of 10. "An...
FreeBSD : Gitlab -- vulnerabilities (61fe903b-bc2e-11ee-b06e-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 61fe903b-bc2e-11ee-b06e-001b217b3468 advisory. - An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to...
CVE-2024-0402
creationtimestamp| type| source ---|---|--- 2024-01-26 02:26:35+00:00| seen| https://t.me/ctinow/173953 2024-01-26 11:56:47+00:00| seen| https://t.me/ctinow/174171 2024-01-26 12:46:40+00:00| published-proof-of-concept| https://t.me/techb0ltGenona/4239 2024-01-28 13:16:07+00:00| seen|...
CVE-2024-0402 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace...
CVE-2024-0402 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace...
CVE-2024-0402 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace...
CVE-2024-0402
CVE-2024-0402: A path traversal flaw in GitLab CE/EE allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace. Affected versions are 16.0–16.0.x up to 16.6.5, 16.7.x up to 16.7.3, and 16.8.x up to 16.8.0. Exploitation details are not provi...
Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could vulnerabilities to exploit attacks that can result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution Administrator/Root rights...
GitLab 16.0 < 16.5.8 / 16.6 < 16.6.6 / 16.7 < 16.7.4 / 16.8 < 16.8.1 (CVE-2024-0402)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to...