CVERadar

CVE-2024-0402

Severity: Critical
Vendor: Gitlab
SVRS: 94/100
CVSSv3: 9.9/10
EPSS: 0.33538/1

CVE-2024-0402 allows authenticated users to write files to arbitrary locations on a GitLab server, potentially leading to remote code execution. This vulnerability affects GitLab CE/EE versions 16.0 before 16.6.6, 16.7 before 16.7.4, and 16.8 before 16.8.1. With a SOCRadar Vulnerability Risk Score (SVRS) of 94, this is a critical vulnerability that demands immediate attention and patching. Successful exploitation could enable attackers to gain control of the GitLab server and compromise sensitive data. Given the availability of active exploits, organizations using affected GitLab versions are at high risk. This issue is significant due to its potential for widespread impact and ease of exploitation. The vulnerability is classified as CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

In The Wild
Exploit Available
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2024-01-26
2024-01-31
SOCRadar AI Insight

Description:

CVE-2024-0402 is a critical vulnerability in GitLab CE/EE versions 16.0 to 16.6.6, 16.7 to 16.7.4, and 16.8 to 16.8.1. It allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace. This vulnerability has a CVSS score of 9.9, indicating its severe impact on confidentiality, integrity, and availability. However, the SOCRadar Vulnerability Risk Score (SVRS) of 34 suggests that the vulnerability is not as critical as the CVSS score indicates.

Key Insights:

  1. Exploitation: Active exploits for CVE-2024-0402 have been published, making it a high-priority target for attackers.
  2. Threat Actors: Threat actors and APT groups are actively exploiting this vulnerability to gain unauthorized access to GitLab servers and compromise sensitive data.
  3. CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about CVE-2024-0402, urging organizations to take immediate action to patch their systems.
  4. In the Wild: The vulnerability is actively exploited by hackers in the wild, making it a significant threat to organizations using GitLab.

Mitigation Strategies:

  1. Update GitLab: Organizations should immediately update their GitLab instances to the latest version (16.6.6, 16.7.4, or 16.8.1) to mitigate the vulnerability.
  2. Restrict Access: Implement strict access controls to limit the number of users who can create workspaces and write files to the GitLab server.
  3. Enable Two-Factor Authentication: Enforce two-factor authentication for all GitLab users to add an extra layer of security.
  4. Monitor for Suspicious Activity: Continuously monitor GitLab logs and activity for any suspicious behavior that may indicate an attack.

Additional Information:

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
doyensec/malicious-devfile-registry | https://github.com/doyensec/malicious-devfile-registry | 2025-03-10
nomi-sec/PoC-in-GitHub | https://github.com/nomi-sec/PoC-in-GitHub | 2019-12-08

News

[Update] Multiple Vulnerabilities in GitLab (12 January 2024)
2025-04-01
[Update] Multiple Vulnerabilities in GitLab (12 January 2024) | [Update of 29 January 2024] On 25 January 2024, the vendor published a security advisory concerning several vulnerabilities affecting GitLab CE and EE. The vulnerability CVE-2024-0402 is considered critical, with a CVSSv3 score of 9.9. It allows an authenticated attacker to write...
ssi.gouv.fr
GitLab Critical Security Release: 16.8.1, 16.7.4, 16.6.6, 16.5.8
Greg Myers2025-04-01
GitLab Critical Security Release: 16.8.1, 16.7.4, 16.6.6, 16.5.8 | Today we are releasing versions 16.8.1, 16.7.4, 16.6.6, 16.5.8 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain important security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately. GitLab.com and GitLab Dedicated environments are already running the patched version. GitLab releases patches for vulnerabilities in dedicated security releases. There are
gitlab.com
Arbitrary File Write CVE-2024-0402 in GitLab (Exploit)
/u/nibblesec2025-03-18
Arbitrary File Write CVE-2024-0402 in GitLab (Exploit) | submitted by /u/nibblesec
reddit.com
5th February – Threat Intelligence Report - Check Point Research
2024-02-05
5th February – Threat Intelligence Report - Check Point Research | News Content: For the latest discoveries in cyber research for the week of 5th February, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES AnyDesk Software GmbH , the company behind the popular remote desktop application, has confirmed a cybersecurity incident in which the attackers gained access to company’s production systems. Reportedly, source code and private code signing keys were stolen during the attack. As part of the response, AnyDesk have revoked security-related certificates and remediated or replaced systems as necessary. Out of caution, AnyDesk is also revoking all passwords
cve-2024-21888, cve-2024-0517, cve-2024-0402, cve-2024-21893
Critical GitLab Update Patches Multiple Security Flaws - Cyber Kendra
2024-01-26
Critical GitLab Update Patches Multiple Security Flaws - Cyber Kendra | News Content: Developers relying on GitLab's popular source code management platform need to act quickly to secure their implementations against multiple just-disclosed vulnerabilities. A week ago, GitLab released a security update to fix a critical severity flaw that could allow an attacker to take over user accounts by resetting passwords without user interaction. Today company shipped urgent security releases for several of its Community and Enterprise Edition offerings to resolve critical and high severity flaws allowing unauthorized access. Among the most glaring of these bugs is an arbitrary file
google.com
CERTFR-2024-ALE-002 : [Update] Multiple Vulnerabilities in GitLab (12 January 2024)
2024-01-12
CERTFR-2024-ALE-002 : [Update] Multiple Vulnerabilities in GitLab (12 January 2024) | [Update of 29 January 2024] On 25 January 2024, the vendor published a security advisory concerning several vulnerabilities affecting GitLab CE and EE. The vulnerability CVE-2024-0402 is considered critical, with a score …
cve-2024-0402, cves, gitlab, gt

Social Media

Arbitrary File Write CVE-2024-0402 in GitLab https://t.co/q0BfDYBfgG
Arbitrary File Write CVE-2024-0402 in GitLab (Exploit) https://t.co/1kJrXAWpoc
GitHub - doyensec/malicious-devfile-registry: Exploit for CVE-2024-0402 in Gitlab - https://t.co/g9HBQB6I6W
4. @gitlab Devfile file write vulnerability (CVE-2024-0402) allowed arbitrary file write and command execution on GitLab instances by chaining multiple vulnerabilities. [MORE](https://t.co/XB8nNtrkEq)

Affected Software

Configuration 1
Type | Vendor | Product
App | Gitlab | gitlab

References

Reference | Link
[email protected] | https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/
[email protected] | https://gitlab.com/gitlab-org/gitlab/-/issues/437819

CWE Details

CWE ID | CWE Name | Description
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | The software uses external input to construct a pathname that is intended to identify a file or directory located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause it to resolve to a location outside of the restricted directory.
