Latest Cyber Security News

You are here: Home / General Cyber Security News / URGENT: Upgrade GitLab – Critical Workspace Creation Flaw Allows File Overwrite
January 30, 2024

GitLab the moment again launched fixes to handle a critical security flaw in its Group Edition (CE) and Business Version (EE) that could be exploited to write arbitrary data files even though developing a workspace.

Tracked as CVE-2024-0402, the vulnerability has a CVSS score of 9.9 out of a maximum of 10.

“An issue has been found in GitLab CE/EE influencing all versions from 16. prior to 16.5.8, 16.6 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated consumer to produce information to arbitrary locations on the GitLab server even though producing a workspace,” GitLab said in an advisory produced on January 25, 2024.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Cybersecurity

The company also noted patches for the bug have been backported to 16.5.8, 16.6.6, 16.7.4, and 16.8.1.

Also fixed by GitLab are 4 medium-severity flaws that could lead to a common expression denial-of-services (ReDoS), HTML injection, and the disclosure of a user’s general public email tackle via the tags RSS feed.

The newest update comes two months just after the DevSecOps platform shipped fixes to near out two critical shortcomings, such as one that could be exploited to take in excess of accounts with out demanding any user conversation (CVE-2023-7028, CVSS score: 10.).

Buyers are recommended to upgrade the installations to a patched variation as shortly as attainable to mitigate probable dangers. GitLab.com and GitLab Dedicated environments are currently running the most current edition.

Identified this write-up fascinating? Abide by us on Twitter  and LinkedIn to go through far more special content material we write-up.


Some sections of this report are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *