Skip to main content

CVE-2024-0402: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab GitLab

Critical
VulnerabilityCVE-2024-0402cvecve-2024-0402cwe-22
Published: Fri Jan 26 2024 (01/26/2024, 01:02:39 UTC)
Source: CVE Database V5
Vendor/Project: GitLab
Product: GitLab

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.

AI-Powered Analysis

AILast updated: 07/04/2025, 11:25:57 UTC

Technical Analysis

CVE-2024-0402 is a critical path traversal vulnerability (CWE-22) affecting GitLab Community Edition (CE) and Enterprise Edition (EE) versions from 16.0 up to but not including 16.6.6, 16.7 up to but not including 16.7.4, and 16.8 up to but not including 16.8.1. This vulnerability allows an authenticated user to write files to arbitrary locations on the GitLab server during the creation of a workspace. The flaw arises due to improper validation and limitation of pathname inputs, enabling attackers to escape the intended restricted directory boundaries. Exploiting this vulnerability requires the attacker to have valid credentials (authenticated user) but does not require any user interaction beyond that. The CVSS v3.1 base score is 9.9 (critical), reflecting the high impact on confidentiality, integrity, and availability, as the attacker can write files anywhere on the server, potentially leading to remote code execution, privilege escalation, or persistent backdoors. The vulnerability has been publicly disclosed as of January 26, 2024, but no known exploits in the wild have been reported yet. The lack of patch links in the provided data suggests that users should urgently check GitLab’s official advisories for updates and patches. Given GitLab’s widespread use in software development and DevOps pipelines, this vulnerability poses a significant risk to organizations relying on GitLab for source code management and CI/CD workflows.

Potential Impact

For European organizations, the impact of CVE-2024-0402 is substantial. GitLab is widely adopted across Europe in both private and public sectors for managing source code repositories and automating software delivery. Successful exploitation could allow attackers to write malicious files to arbitrary locations on GitLab servers, potentially leading to full system compromise, data breaches, or disruption of critical development pipelines. This could result in intellectual property theft, sabotage of software builds, insertion of malicious code into production software, and downtime of development environments. Given the criticality of software supply chain security, this vulnerability could also indirectly affect downstream customers and partners. Organizations in regulated industries such as finance, healthcare, and government could face compliance violations and reputational damage if exploited. The requirement for authentication limits exposure to insiders or compromised accounts, but the risk remains high due to the privileged nature of GitLab users and the potential for lateral movement within networks.

Mitigation Recommendations

European organizations should immediately verify their GitLab versions and upgrade to the fixed versions 16.6.6, 16.7.4, or 16.8.1 or later as soon as official patches are available. Until patches are applied, organizations should restrict GitLab access to trusted users only and enforce strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of credential compromise. Monitoring and logging of workspace creation activities should be enhanced to detect anomalous file writes or path traversal attempts. Network segmentation and least privilege principles should be applied to limit the impact of a compromised GitLab server. Additionally, organizations should conduct thorough audits of GitLab server file systems for unauthorized files or modifications and review CI/CD pipeline configurations for suspicious changes. Incident response plans should be updated to include this vulnerability scenario. Finally, organizations should subscribe to GitLab security advisories and threat intelligence feeds to stay informed about exploit developments and patches.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
GitLab
Date Reserved
2024-01-10T16:30:43.698Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 683f3b5c182aa0cae2871572

Added to database: 6/3/2025, 6:13:48 PM

Last enriched: 7/4/2025, 11:25:57 AM

Last updated: 8/12/2025, 9:58:11 PM

Views: 12

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats