GitLab fixes Critical Vulnerability - CVE-2024-0402

GitLab has addressed a critical severity vulnerability that could allow an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.

The vulnerability, tracked as CVE-2024-0402 with a CVSS score of 9.9, affects both GitLab Community Edition (CE) and Enterprise Edition (EE).

As per the advisory, an issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.5.8, 16.6 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1, which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.


GitLab urged users to immediately upgrade all GitLab installations to the latest versions (16.5.8, 16.6.6, 16.7.4, or 16.8.1) to fix CVE-2024-0402.
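To turn the advisory's version ranges into a quick "is my instance affected?" check, here is an added example (not GitLab's own code) that parses a GitLab version string and reports the first patched release for that line; the range boundaries are the ones quoted above, and the version format assumed is MAJOR.MINOR.PATCH with an optional -ce/-ee suffix.

```python
"""Check whether a GitLab CE/EE version falls in the CVE-2024-0402 affected ranges.

Ranges taken from the advisory text quoted above:
16.0 <= v < 16.5.8, 16.6 <= v < 16.6.6, 16.7 <= v < 16.7.4, 16.8 <= v < 16.8.1.
"""
import re
from typing import Optional, Tuple

# (first affected, first fixed) per release line, as stated in the advisory.
AFFECTED_RANGES = [
    ((16, 0, 0), (16, 5, 8)),
    ((16, 6, 0), (16, 6, 6)),
    ((16, 7, 0), (16, 7, 4)),
    ((16, 8, 0), (16, 8, 1)),
]


def parse_version(s: str) -> Tuple[int, int, int]:
    """Turn '16.7.2-ee' or '16.7' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", s)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {s!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return int(major), int(minor), int(patch)


def fixed_version_for(s: str) -> Optional[str]:
    """Return the first patched version for a vulnerable install, or None if not affected."""
    v = parse_version(s)
    for first_affected, first_fixed in AFFECTED_RANGES:
        # Tuple comparison gives correct ordering, e.g. (16, 5, 8) > (16, 5, 10) is False.
        if first_affected <= v < first_fixed:
            return ".".join(map(str, first_fixed))
    return None


def is_affected(s: str) -> bool:
    return fixed_version_for(s) is not None


if __name__ == "__main__":
    # Constructed sample versions covering each range and both non-affected sides.
    for sample in ["16.4.3", "16.7.3-ee", "16.8.1", "15.11.0", "16.9.0"]:
        fix = fixed_version_for(sample)
        print(f"{sample:12} {'VULNERABLE, upgrade to ' + fix if fix else 'not affected'}")
```

The running version of a self-managed instance can be read from its authenticated /api/v4/version endpoint and fed straight into fixed_version_for.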

GitLab also fixed several other security flaws in this update:

  • CVE-2023-6159 (CVSS 6.5): ReDoS in Cargo.toml blob viewer
  • CVE-2023-5993 (CVSS 6.4): Arbitrary API PUT requests via HTML injection in user’s name
  • CVE-2023-5612 (CVSS 5.3): Disclosure of the public email in Tags RSS Feed
  • CVE-2024-0456 (CVSS 4.3): Non-Member can update MR Assignees of owned MRs
