CVE-2024-0402

CRITICAL9.9EPSS 45.2%

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab

發布日:2024/3/6修改日:2025/5/20

描述

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.

受影響套件(1)

Bitnami/gitlab>= 16.0.0, < 16.5.8, >= 16.6.0, < 16.6.6, >= 16.7.0, < 16.7.4, >= 16.8.0, < 16.8.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

參考連結(3)

WEBhttps://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/
WEBhttps://gitlab.com/gitlab-org/gitlab/-/issues/437819
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2024-0402