admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-0402.md
0xMarcio 1fb02038e8 Update CVE sources 2025-09-29 16:08
2025-09-29 16:08:36 +00:00

23 lines
1.1 KiB
Markdown
Raw Blame History

### [CVE-2024-0402](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0402)
![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=16.0%3C%2016.5.8%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%3A%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)
### Description
An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/0xfschott/CVE-search
- https://github.com/ch4nui/CVE-2024-0402-RCE
- https://github.com/doyensec/malicious-devfile-registry
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/tanjiti/sec_profile
Reference in New Issue View Git Blame Copy Permalink