CVE-2024-0402 is a critical path traversal vulnerability (CWE-22) affecting GitLab Community Edition (CE) and Enterprise Edition (EE) versions from 16.0 up to but not including 16.6.6, 16.7 up to but not including 16.7.4, and 16.8 up to but not including 16.8.1. This vulnerability allows an authenticated user to write files to arbitrary locations on the GitLab server during the creation of a workspace. The flaw arises due to improper validation and limitation of pathname inputs, enabling attackers to escape the intended restricted directory boundaries. Exploiting this vulnerability requires the attacker to have valid credentials (authenticated user) but does not require any user interaction beyond that. The CVSS v3.1 base score is 9.9 (critical), reflecting the high impact on confidentiality, integrity, and availability, as the attacker can write files anywhere on the server, potentially leading to remote code execution, privilege escalation, or persistent backdoors. The vulnerability has been publicly disclosed as of January 26, 2024, but no known exploits in the wild have been reported yet. The lack of patch links in the provided data suggests that users should urgently check GitLab’s official advisories for updates and patches. Given GitLab’s widespread use in software development and DevOps pipelines, this vulnerability poses a significant risk to organizations relying on GitLab for source code management and CI/CD workflows.

For European organizations, the impact of CVE-2024-0402 is substantial. GitLab is widely adopted across Europe in both private and public sectors for managing source code repositories and automating software delivery. Successful exploitation could allow attackers to write malicious files to arbitrary locations on GitLab servers, potentially leading to full system compromise, data breaches, or disruption of critical development pipelines. This could result in intellectual property theft, sabotage of software builds, insertion of malicious code into production software, and downtime of development environments. Given the criticality of software supply chain security, this vulnerability could also indirectly affect downstream customers and partners. Organizations in regulated industries such as finance, healthcare, and government could face compliance violations and reputational damage if exploited. The requirement for authentication limits exposure to insiders or compromised accounts, but the risk remains high due to the privileged nature of GitLab users and the potential for lateral movement within networks.

European organizations should immediately verify their GitLab versions and upgrade to the fixed versions 16.6.6, 16.7.4, or 16.8.1 or later as soon as official patches are available. Until patches are applied, organizations should restrict GitLab access to trusted users only and enforce strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of credential compromise. Monitoring and logging of workspace creation activities should be enhanced to detect anomalous file writes or path traversal attempts. Network segmentation and least privilege principles should be applied to limit the impact of a compromised GitLab server. Additionally, organizations should conduct thorough audits of GitLab server file systems for unauthorized files or modifications and review CI/CD pipeline configurations for suspicious changes. Incident response plans should be updated to include this vulnerability scenario. Finally, organizations should subscribe to GitLab security advisories and threat intelligence feeds to stay informed about exploit developments and patches.