GitLab Arbitrary File Write Vulnerability - 20240129002
Overview
A critical-severity vulnerability has been discovered in GitLab CE/EE that allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.
What is the vulnerability?
| CVE | Severity | CVSS |
|---|---|---|
| CVE-2024-0402 | Critical | 9.9 |
What is vulnerable?
| Product(s) Affected | Affected versions |
|---|---|
| GitLab CE/EE | versions from 16.0 before 16.6.6 |
| | versions from 16.7 before 16.7.4 |
| | versions from 16.8 before 16.8.1 |
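The affected-version table above is easy to misread (each row is a minor branch with its own fix release), so the following is an added example, not part of the advisory or of GitLab's own tooling, that encodes the three ranges and checks a list of instance versions against them. The inventory is constructed sample data; in practice the version string would come from GitLab's `/api/v4/version` endpoint or the admin area.

```python
from typing import Iterable, List, Tuple

# Affected ranges taken from the advisory table. Each entry is [lower, upper):
# an instance is affected if lower <= version < upper (upper is the fix release).
AFFECTED_RANGES: Tuple[Tuple[str, str], ...] = (
    ("16.0", "16.6.6"),
    ("16.7", "16.7.4"),
    ("16.8", "16.8.1"),
)


def parse_version(version: str) -> Tuple[int, int, int]:
    """Convert '16.6.5' (optionally suffixed, e.g. '16.6.5-ee') to a comparable tuple."""
    core = version.strip().split("-")[0]           # drop '-ee' / '-ce' style suffixes
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:                         # '16.7' -> (16, 7, 0)
        parts.append(0)
    return parts[0], parts[1], parts[2]


def is_affected(version: str, ranges=AFFECTED_RANGES) -> bool:
    """True if the version lies inside any of the advisory's affected ranges.

    A False result only means the version is not in the listed ranges; branches
    older than 16.0 are not covered by the table and should be treated separately.
    """
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in ranges)


def check_inventory(inventory: Iterable[Tuple[str, str]]) -> List[Tuple[str, str, bool]]:
    """Return (host, version, affected) for every (host, version) pair."""
    return [(host, ver, is_affected(ver)) for host, ver in inventory]


# Constructed sample inventory (hostnames and versions are placeholders).
SAMPLE_INVENTORY = [
    ("gitlab-prod.example", "16.6.5-ee"),   # inside 16.0 <= v < 16.6.6 -> affected
    ("gitlab-dev.example", "16.7.4"),       # fix release for the 16.7 branch -> not affected
    ("gitlab-lab.example", "16.8.0"),       # inside 16.8 <= v < 16.8.1 -> affected
    ("gitlab-old.example", "16.9.0"),       # after all listed ranges -> not affected
]

if __name__ == "__main__":
    for host, ver, affected in check_inventory(SAMPLE_INVENTORY):
        print(f"{host:22} {ver:10} {'AFFECTED' if affected else 'ok'}")
```

Run against a real inventory, the `AFFECTED` rows are the instances to patch within the two-week window below; the version comparison is numeric, so a version such as `16.10.0` sorts correctly after `16.9.0`.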
What has been observed?
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of two weeks (refer Patch Management):