admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-0402.md

21 lines
970 B
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2024-0402](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0402)
![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=16.0%3C%2016.5.8%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%3A%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
### Description
An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/0xfschott/CVE-search
- https://github.com/ch4nui/CVE-2024-0402-RCE
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/tanjiti/sec_profile
Reference in New Issue Copy Permalink