CVE-2024-0402 - Vulnerability Details - OpenCVE

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.39312.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Gitlab	Gitlab

Configuration 1 [-]

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:16.8.0::::community:::
	cpe:2.3:a:gitlab:gitlab:16.8.0::::enterprise:::

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

Upgrade to versions 16.8.1, 16.7.4, 16.6.6, 16.5.8 or above.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/437819

History

Tue, 03 Jun 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 29 Aug 2024 15:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:gitlab:gitlab::::::::

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-01-26T01:02:39.052Z

Updated: 2025-06-03T18:01:33.069Z

Reserved: 2024-01-10T16:30:43.698Z

Link: CVE-2024-0402

Vulnrichment

Updated: 2024-08-01T18:04:49.576Z

NVD

Status : Modified

Published: 2024-01-26T01:15:08.920

Modified: 2024-11-21T08:46:30.360

Link: CVE-2024-0402

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0402", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2024-01-10T16:30:43.698Z", "datePublished": "2024-01-26T01:02:39.052Z", "dateUpdated": "2025-06-03T18:01:33.069Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "versions": [{"lessThan": "16.5.8", "status": "affected", "version": "16.0", "versionType": "semver"}, {"lessThan": "16.6.6", "status": "affected", "version": "16.6", "versionType": "semver"}, {"lessThan": "16.7.4", "status": "affected", "version": "16.7", "versionType": "semver"}, {"lessThan": "16.8.1", "status": "affected", "version": "16.8", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "This vulnerability has been discovered internally by GitLab team member [joernchen](https://gitlab.com/joernchen)"}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-08-29T15:04:54.380Z"}, "references": [{"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"}, {"name": "GitLab Issue #437819", "tags": ["issue-tracking"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/437819"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.8.1, 16.7.4, 16.6.6, 16.5.8 or above."}], "title": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:04:49.576Z"}, "title": "CVE Program Container", "references": [{"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/437819", "name": "GitLab Issue #437819", "tags": ["issue-tracking", "x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-03T18:01:24.319017Z", "id": "CVE-2024-0402", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-03T18:01:33.069Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/437819", "name": "GitLab Issue #437819", "tags": ["issue-tracking", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:04:49.576Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0402", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-03T18:01:24.319017Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-03T18:01:29.257Z"}}], "cna": {"title": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab", "credits": [{"lang": "en", "type": "finder", "value": "This vulnerability has been discovered internally by GitLab team member [joernchen](https://gitlab.com/joernchen)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "product": "GitLab", "versions": [{"status": "affected", "version": "16.0", "lessThan": "16.5.8", "versionType": "semver"}, {"status": "affected", "version": "16.6", "lessThan": "16.6.6", "versionType": "semver"}, {"status": "affected", "version": "16.7", "lessThan": "16.7.4", "versionType": "semver"}, {"status": "affected", "version": "16.8", "lessThan": "16.8.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 16.8.1, 16.7.4, 16.6.6, 16.5.8 or above."}], "references": [{"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/437819", "name": "GitLab Issue #437819", "tags": ["issue-tracking"]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-08-29T15:04:54.380Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0402", "state": "PUBLISHED", "dateUpdated": "2025-06-03T18:01:33.069Z", "dateReserved": "2024-01-10T16:30:43.698Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2024-01-26T01:02:39.052Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "2D6B2329-5500-4D95-8270-2CCB839C226F", "versionEndExcluding": "16.5.8", "versionStartIncluding": "16.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "3732A61E-AFE9-4A84-B3A8-C34F0F79C5A0", "versionEndExcluding": "16.5.8", "versionStartIncluding": "16.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "8429A44F-1788-421A-99A9-1E650735BBDD", "versionEndExcluding": "16.6.6", "versionStartIncluding": "16.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "3D66D64A-B883-4A2C-B114-3A54F326BA8D", "versionEndExcluding": "16.6.6", "versionStartIncluding": "16.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "matchCriteriaId": "0F871342-EDE9-49F2-8081-04651A16CD6E", "versionEndExcluding": "16.7.4", "versionStartIncluding": "16.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "9A9ED476-FBE7-4022-AE16-18386E73AA59", "versionEndExcluding": "16.7.4", "versionStartIncluding": "16.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.8.0:*:*:*:community:*:*:*", "matchCriteriaId": "246D6584-64A7-44AC-A279-ECA58E5ED1FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:gitlab:gitlab:16.8.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "E591D495-7397-4DA2-A643-477B2E35A915", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en GitLab CE/EE que afecta a todas las versiones desde 16.0 anterior a 16.6.6, 16.7 anterior a 16.7.4 y 16.8 anterior a 16.8.1, lo que permite a un usuario autenticado escribir archivos en ubicaciones arbitrarias en el servidor GitLab mientras crea un workspace."}], "id": "CVE-2024-0402", "lastModified": "2024-11-21T08:46:30.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "cve@gitlab.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-26T01:15:08.920", "references": [{"source": "cve@gitlab.com", "tags": ["Vendor Advisory"], "url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"}, {"source": "cve@gitlab.com", "tags": ["Broken Link"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/437819"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/437819"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cve@gitlab.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}