
CVE-2024-0402 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2024-0402?

CVE-2024-0402 is a critical security vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) servers, with a severity score of 9.9. It allows authenticated users to write files to arbitrary locations on the server while creating a workspace. This affects GitLab CE/EE versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Organizations using affected GitLab installations should upgrade to a patched version immediately.

Who is impacted by CVE-2024-0402?

CVE-2024-0402 affects authenticated users of GitLab Community Edition (CE) and Enterprise Edition (EE) versions 16.0 to 16.5.7, 16.6.0 to 16.6.5, 16.7.0 to 16.7.3, and 16.8.0. This vulnerability allows users to write files to arbitrary locations on the server while creating a workspace, posing a significant risk to affected organizations.
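A small version checker, added here as an illustration and not code from Twingate or GitLab: it encodes the affected ranges and patched versions stated above (16.5.8, 16.6.6, 16.7.4, 16.8.1 as the first fixed release of each branch) and reports whether an installed GitLab CE/EE version falls inside them. Version strings with an edition suffix such as `16.8.0-ee` are an assumed input format.

```python
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges from the advisory: first affected (inclusive) to first fixed (exclusive).
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((16, 0, 0), (16, 5, 8)),   # 16.0 .. 16.5.7, fixed in the 16.5.8 backport
    ((16, 6, 0), (16, 6, 6)),   # 16.6.0 .. 16.6.5
    ((16, 7, 0), (16, 7, 4)),   # 16.7.0 .. 16.7.3
    ((16, 8, 0), (16, 8, 1)),   # 16.8.0
]

# Patched releases listed in the advisory, lowest first.
FIXED_VERSIONS: List[Version] = [(16, 5, 8), (16, 6, 6), (16, 7, 4), (16, 8, 1)]


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' into a comparable tuple; missing parts default to 0.

    An edition suffix ('16.8.0-ee', assumed format) is discarded before parsing.
    """
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def is_affected(version: str) -> bool:
    """True if the given GitLab version lies in any affected range for CVE-2024-0402."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def recommended_upgrade(version: str) -> Optional[str]:
    """Smallest patched release at or above the given version, or None if already fixed."""
    if not is_affected(version):
        return None
    v = parse_version(version)
    target = min(f for f in FIXED_VERSIONS if f > v)
    return ".".join(str(n) for n in target)


if __name__ == "__main__":
    for sample in ("16.5.7", "16.5.8", "16.8.0-ee", "15.11.13"):
        print(sample, "affected" if is_affected(sample) else "not affected",
              recommended_upgrade(sample))
```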

What to do if CVE-2024-0402 affects you

If you're affected by the CVE-2024-0402 vulnerability, it's crucial to take immediate action to protect your system. Follow these simple steps:

  1. Upgrade your GitLab installation to a patched version (16.8.1, 16.7.4, 16.6.6, or 16.5.8).

  2. Ensure you're using the latest security release for your supported version.

  3. Follow best practices for securing your GitLab instance, as outlined in the GitLab Critical Security Release announcement.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-0402 vulnerability, also known as "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')," is listed in CISA's Known Exploited Vulnerabilities Catalog. Added on January 25, 2024, the required action for affected organizations is to update their GitLab Community Edition (CE) or Enterprise Edition (EE) to a version that is not affected by this vulnerability.

Weakness Enumeration

This vulnerability is classified as CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'): a path supplied by the user is not constrained to the directory the application intended, so a write meant for a workspace can land elsewhere on the server.
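The defensive control that CWE-22 calls for is to resolve a user-supplied path and confirm it still lies inside the intended base directory before touching the filesystem. The helper below is an added example written for this page, not GitLab's workspace code; the base directory `/srv/workspaces` and the file names are constructed values.

```python
import os


class PathTraversalError(ValueError):
    """Raised when a user-supplied path would escape the allowed base directory."""


def resolve_within(base_dir: str, user_path: str) -> str:
    """Return the absolute path of user_path under base_dir, or raise if it escapes.

    '..' segments, absolute paths and symlinks are all resolved before the check,
    because a purely lexical test (e.g. rejecting '..') can be defeated by a symlink
    inside base_dir that points somewhere else.
    """
    base = os.path.realpath(base_dir)
    # os.path.join drops base when user_path is absolute; the containment check
    # below then rejects it instead of the write silently going to that path.
    candidate = os.path.realpath(os.path.join(base, user_path))
    try:
        # commonpath compares whole path components, so '/srv/workspaces2'
        # is correctly treated as outside '/srv/workspaces'.
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:
        # Paths on different drives (Windows) share no prefix: not contained.
        inside = False
    if not inside:
        raise PathTraversalError(f"{user_path!r} resolves outside {base_dir!r}")
    return candidate


def is_confined(base_dir: str, user_path: str) -> bool:
    """Convenience wrapper: True if the path stays inside base_dir."""
    try:
        resolve_within(base_dir, user_path)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: a legitimate workspace file and two escapes.
    for p in ("proj1/devfile.yaml", "../../etc/passwd", "/etc/passwd"):
        print(p, "->", "confined" if is_confined("/srv/workspaces", p) else "REJECTED")
```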

Learn More

For a comprehensive understanding of its description, severity, technical details, and affected software configurations, refer to the NVD page and the resources listed below.
