CVE-2024-0402 – Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab

https://notcve.org/view.php?id=CVE-2024-0402

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace. Se descubrió un problema en GitLab CE/EE que afecta a todas las versiones desde 16.0 anterior a 16.6.6, 16.7 anterior a 16.7.4 y 16.8 anterior a 16.8.1, lo que permite a un usuario autenticado escribir archivos en ubicaciones arbitrarias en el servidor GitLab mientras crea un workspace. • https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released https://gitlab.com/gitlab-org/gitlab/-/issues/437819 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •