Open Nav
Sign Up

Critical File Overwrite Vulnerability in GitLab (CVE-2024-0402)

Bar Refael

January 31, 2024

GitLab has issued a critical security update for its Community Edition (CE) and Enterprise Edition (EE) to address a vulnerability identified as CVE-2024-0402, carrying a high CVSS score of 9.9. The flaw enables authenticated users to write arbitrary files to any location on the GitLab server while creating a workspace, posing significant security risks. In addition to this major vulnerability, GitLab also resolved four medium-severity flaws related to denial-of-service, HTML injection, and private information disclosure.

Affected Versions:

The vulnerability affects all versions of GitLab CE/EE:

  • From 16.0 up to but not including 16.5.8
  • From 16.6 up to but not including 16.6.6
  • From 16.7 up to but not including 16.7.4
  • From 16.8 up to but not including 16.8.1

Technical Details and Impact:

CVE-2024-0402 allows an authenticated user to exploit the workspace creation process to write files to arbitrary locations on the GitLab server. This critical vulnerability can lead to unauthorized data modification, data destruction, or give attackers a foothold for further malicious activities within the network.

The medium-severity vulnerabilities addressed include:

  • Regular expression denial-of-service (ReDoS)
  • HTML injection
  • Disclosure of a user’s public email address via tags RSS feed

Mitigation and Recommendations:

GitLab urges all users to upgrade their installations to the latest patched versions (16.5.8, 16.6.6, 16.7.4, or 16.8.1) immediately to mitigate potential risks. The patches have been backported to these versions to ensure security across the board. It is crucial for administrators to apply these updates as soon as possible to secure their environments against potential exploitation.

Conclusion:

The discovery of the critical file overwrite vulnerability, along with the other medium-severity flaws in GitLab, demands immediate attention and action from all GitLab users. The severity of CVE-2024-0402, coupled with the possibility of account takeover from other vulnerabilities like CVE-2023-7028, illustrates the urgency of updating to the latest, secured versions of GitLab. Continuous vigilance and prompt application of security updates are paramount in maintaining a robust defense against evolving cybersecurity threats.

Resources highlights

CVE-2026-46817: Critical Oracle E-Business Suite Vulnerability

A critical vulnerability in Oracle E-Business Suite is now being actively exploited in the wild. Tracked as CVE-2026-46817, the flaw affects the File Transmission component…

Read more >

cve-2026-46817-oracle-e-business

Cisco Unified CM Vulnerability CVE-2026-20230 Targeted After Public PoC Disclosure 

Cisco has disclosed and patched CVE-2026-20230, a critical SSRF vulnerability affecting Cisco Unified Communications Manager and Unified CM SME when the WebDialer service is enabled.…

Read more >

CVE-2026-20230

Microsoft Confirms Unpatched RoguePlanet Defender Zero-Day (CVE-2026-50656)

Microsoft has confirmed a new Microsoft Defender zero-day vulnerability tracked as CVE-2026-50656 and publicly referred to as RoguePlanet. The flaw affects the Microsoft Malware Protection…

Read more >

RoguePlanet_cve-2026-50656

FortiBleed Campaign Exposes Fortinet Firewall and VPN Credentials at Scale

A large-scale credential abuse campaign dubbed FortiBleed has reportedly affected tens of thousands of Fortinet firewall and VPN devices worldwide. Public reporting indicates that threat…

Read more >

fortibleed

Fortinet FortiSandbox Under Active Attack (CVE-2026-39813 & Others)

Threat actors are actively exploiting multiple critical vulnerabilities affecting Fortinet FortiSandbox. The reported activity involves three unauthenticated vulnerabilities: CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089. These flaws are…

Read more >

cve-2026-39813

Critical Wazuh Manager Vulnerability Enables Alert Tampering and Security Evidence Deletion

A critical vulnerability has been disclosed in Wazuh Manager that could allow attackers to tamper with security data, delete alerts, and manipulate forensic evidence stored…

Read more >

wazuh manager vulnerability
Under Cyber Attack?

Fill out the form and we will contact you immediately.