Lucene search
K

9 matches found

The Hacker News
The Hacker News
added 2024/01/30 4:18 p.m.63 views

URGENT: Upgrade GitLab - Critical Workspace Creation Flaw Allows File Overwrite

GitLab once again released fixes to address a critical security flaw in its Community Edition CE and Enterprise Edition EE that could be exploited to write arbitrary files while creating a workspace. Tracked as CVE-2024-0402, the vulnerability has a CVSS score of 9.9 out of a maximum of 10. "An...

10CVSS6.8AI score0.94955EPSS
Exploits16
Tenable Nessus
Tenable Nessus
added 2024/01/27 12:0 a.m.44 views

FreeBSD : Gitlab -- vulnerabilities (61fe903b-bc2e-11ee-b06e-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 61fe903b-bc2e-11ee-b06e-001b217b3468 advisory. - An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to...

9.9CVSS6.9AI score0.04392EPSS
Exploits3References7
Circl
Circl
added 2024/01/26 2:26 a.m.13 views

CVE-2024-0402

creationtimestamp| type| source ---|---|--- 2024-01-26 02:26:35+00:00| seen| https://t.me/ctinow/173953 2024-01-26 11:56:47+00:00| seen| https://t.me/ctinow/174171 2024-01-26 12:46:40+00:00| published-proof-of-concept| https://t.me/techb0ltGenona/4239 2024-01-28 13:16:07+00:00| seen|...

9.9CVSS8.9AI score0.03302EPSS
Exploits0References25
Vulnrichment
Vulnrichment
added 2024/01/26 1:2 a.m.5 views

CVE-2024-0402 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace...

9.9CVSS6.5AI score0.03302EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/01/26 1:2 a.m.227 views

CVE-2024-0402 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace...

9.9CVSS9.4AI score0.03302EPSS
Exploits0References2
OSV
OSV
added 2024/01/26 1:2 a.m.33 views

CVE-2024-0402 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace...

9.9CVSS9.2AI score0.03302EPSS
Exploits0References5
CVE
CVE
added 2024/01/26 1:2 a.m.137 views

CVE-2024-0402

CVE-2024-0402: A path traversal flaw in GitLab CE/EE allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace. Affected versions are 16.0–16.0.x up to 16.6.5, 16.7.x up to 16.7.3, and 16.8.x up to 16.8.0. Exploitation details are not provi...

9.9CVSS9.1AI score0.03302EPSS
Exploits0References2Affected Software1
NCSC
NCSC
added 2024/01/26 12:0 a.m.8 views

Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition

GitLab has fixed vulnerabilities in GitLab Enterprise Edition EE and Community Edition CE. A malicious party could vulnerabilities to exploit attacks that can result in the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution Administrator/Root rights...

9.9CVSS7.8AI score0.04392EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2024/01/25 12:0 a.m.40 views

GitLab 16.0 < 16.5.8 / 16.6 < 16.6.6 / 16.7 < 16.7.4 / 16.8 < 16.8.1 (CVE-2024-0402)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to...

9.9CVSS8.6AI score0.03302EPSS
Exploits0References4
Rows per page
Query Builder