Ubuntu.comUB:CVE-2024-0402CVE-2024-0402
9.9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
6.6 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
29.9%
An issue has been discovered in GitLab CE/EE affecting all versions from
16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which
allows an authenticated user to write files to arbitrary locations on the
GitLab server while creating a workspace.
References
about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released
about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/
gitlab.com/gitlab-org/gitlab/-/issues/437819
launchpad.net/bugs/cve/CVE-2024-0402
nvd.nist.gov/vuln/detail/CVE-2024-0402
security-tracker.debian.org/tracker/CVE-2024-0402
www.cve.org/CVERecord?id=CVE-2024-0402
Related
9.9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
6.6 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
29.9%