Open Nav
Sign Up

Critical File Overwrite Vulnerability in GitLab (CVE-2024-0402)

Bar Refael

January 31, 2024

GitLab has issued a critical security update for its Community Edition (CE) and Enterprise Edition (EE) to address a vulnerability identified as CVE-2024-0402, carrying a high CVSS score of 9.9. The flaw enables authenticated users to write arbitrary files to any location on the GitLab server while creating a workspace, posing significant security risks. In addition to this major vulnerability, GitLab also resolved four medium-severity flaws related to denial-of-service, HTML injection, and private information disclosure.

Affected Versions:

The vulnerability affects all versions of GitLab CE/EE:

  • From 16.0 up to but not including 16.5.8
  • From 16.6 up to but not including 16.6.6
  • From 16.7 up to but not including 16.7.4
  • From 16.8 up to but not including 16.8.1

Technical Details and Impact:

CVE-2024-0402 allows an authenticated user to exploit the workspace creation process to write files to arbitrary locations on the GitLab server. This critical vulnerability can lead to unauthorized data modification, data destruction, or give attackers a foothold for further malicious activities within the network.

The medium-severity vulnerabilities addressed include:

  • Regular expression denial-of-service (ReDoS)
  • HTML injection
  • Disclosure of a user’s public email address via tags RSS feed

Mitigation and Recommendations:

GitLab urges all users to upgrade their installations to the latest patched versions (16.5.8, 16.6.6, 16.7.4, or 16.8.1) immediately to mitigate potential risks. The patches have been backported to these versions to ensure security across the board. It is crucial for administrators to apply these updates as soon as possible to secure their environments against potential exploitation.

Conclusion:

The discovery of the critical file overwrite vulnerability, along with the other medium-severity flaws in GitLab, demands immediate attention and action from all GitLab users. The severity of CVE-2024-0402, coupled with the possibility of account takeover from other vulnerabilities like CVE-2023-7028, illustrates the urgency of updating to the latest, secured versions of GitLab. Continuous vigilance and prompt application of security updates are paramount in maintaining a robust defense against evolving cybersecurity threats.

Resources highlights

Critical Cisco ISE Vulnerabilities Lead to Unauthenticated RCE (CVE-2025-20281 & CVE-2025-20282)

On June 25, 2025, Cisco disclosed and patched two critical remote code execution (RCE) vulnerabilities: CVE-2025-20281 and CVE-2025-20282, affecting its widely deployed Identity Services Engine…

Read more >

CVE-2025-20281 & CVE-2025-20282

Critical Vulnerability in MegaRAC BMC Added to CISA’s KEV: CVE-2024-54085

On June 25, 2025, CISA added CVE‑2024‑54085, a critical authentication bypass vulnerability in the MegaRAC SPx Baseboard Management Controller (BMC) firmware, to its Known Exploited…

Read more >

CVE-2024-54085

‘UMBRELLA STAND’ Malware Targets Fortinet FortiGate Firewalls

‘UMBRELLA STAND’ Malware Targets Fortinet FortiGate Firewalls The UK’s National Cyber Security Centre (NCSC) has issued an alert regarding a sophisticated malware campaign dubbed “UMBRELLA…

Read more >

umbrella stand fortinet

CVE-2025-49144: Privilege Escalation in Notepad++ Installer Enables Full SYSTEM Access

A critical local privilege escalation vulnerability in the Notepad++ v8.8.1 installer allows attackers to escalate to NT AUTHORITY\SYSTEM using binary planting techniques. Tracked as CVE-2025-49144,…

Read more >

CVE-2025-49144

Our Red Team’s Favorite Penetration Testing Tools in 2025 (And How We Use Them)

When it comes to red team operations, the tools you choose can make or break the engagement. From initial reconnaissance to post-exploitation, having a streamlined,…

Read more >

pentesting tools - op

New Linux Vulnerabilities (CVE-2025-6018 & CVE-2025-6019) Enable Full Root Access in Seconds

Security researchers have uncovered a critical privilege escalation chain in major Linux distributions that allows any local user with a session (SSH or GUI) to…

Read more >

CVE-2025-6018, CVE-2025-6019
Under Cyber Attack?

Fill out the form and we will contact you immediately.