GitLab the moment again launched fixes to handle a critical security flaw in its Group Edition (CE) and Business Version (EE) that could be exploited to write arbitrary data files even though developing a workspace.
Tracked as CVE-2024-0402, the vulnerability has a CVSS score of 9.9 out of a maximum of 10.
“An issue has been found in GitLab CE/EE influencing all versions from 16. prior to 16.5.8, 16.6 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated consumer to produce information to arbitrary locations on the GitLab server even though producing a workspace,” GitLab said in an advisory produced on January 25, 2024.
![AOMEI Backupper Lifetime](https://thecybersecurity.news/data/2021/12/AOMEI-Backupper-Professional.png)
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
The company also noted patches for the bug have been backported to 16.5.8, 16.6.6, 16.7.4, and 16.8.1.
Also fixed by GitLab are 4 medium-severity flaws that could lead to a common expression denial-of-services (ReDoS), HTML injection, and the disclosure of a user’s general public email tackle via the tags RSS feed.
The newest update comes two months just after the DevSecOps platform shipped fixes to near out two critical shortcomings, such as one that could be exploited to take in excess of accounts with out demanding any user conversation (CVE-2023-7028, CVSS score: 10.).
Buyers are recommended to upgrade the installations to a patched variation as shortly as attainable to mitigate probable dangers. GitLab.com and GitLab Dedicated environments are currently running the most current edition.
Identified this write-up fascinating? Abide by us on Twitter and LinkedIn to go through far more special content material we write-up.
Some sections of this report are sourced from:
thehackernews.com