Description: An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1, which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.
Exploits (1)
nomisec: WORKING POC, 15 stars, by doyensec (poc): https://github.com/doyensec/malicious-devfile-registry
Scores
CVSS v3: 9.9
EPSS: 0.4077
EPSS Percentile: 97.4%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE: CWE-22
Status: published
Products (6)
gitlab/gitlab: 16.8.0 (2 CPE variants)
GitLab/GitLab: 16.0 - 16.5.8
gitlab/gitlab: 16.0.0 - 16.5.8 (2 CPE variants)
GitLab/GitLab: 16.6 - 16.6.6
GitLab/GitLab: 16.7 - 16.7.4
GitLab/GitLab: 16.8 - 16.8.1
Published: Jan 26, 2024
Tracked Since: Feb 18, 2026