GitLab Security Flaw (CVE-2024-0402) Raises Concerns of File Overwrite Risk

Home/Exploitation, Internet Security, Mobile Security, Security Advisory, Security Update, Tips, vulnerability/GitLab Security Flaw (CVE-2024-0402) Raises Concerns of File Overwrite Risk

GitLab Security Flaw (CVE-2024-0402) Raises Concerns of File Overwrite Risk

In a recent security update, GitLab has released a patch addressing a critical vulnerability that could permit unauthorized users to overwrite files. This poses a risk of data corruption or the execution of arbitrary code. The vulnerability affects GitLab CE/EE across multiple versions.

GITLAB CRITICAL VULNERABILITY

A critical vulnerability, designated as CVE-2024-0402 and rated as high as 9.9 out of 10, has been discovered. This flaw enables attackers to execute arbitrary code on GitLab instances, posing risks of data theft, unauthorized access to sensitive information, and disruption of critical development operations. The vulnerability originates from a flaw in GitLab’s handling of incoming HTTP requests, allowing attackers to craft malicious requests and exploit the system.

To exploit CVE-2024-0402, an attacker initiates by crafting a malicious request incorporating directory traversal sequences (../../). These sequences are embedded within the parameters responsible for defining workspace paths. As the GitLab server processes this request, inadequate input validation permits these sequences to navigate beyond the intended workspace directory.

The exploitation chain unfolds as follows:

  1. Preparation:
    • The attacker devises a specifically crafted request, incorporating directory traversal characters and specifying the file they aim to overwrite.
  2. Execution:
    • The crafted request is transmitted to the GitLab server during the workspace creation process.
  3. Overwrite:
    • The server, inadequately validating the input, processes the request, resulting in the overwrite of the targeted file.
  4. Post-Exploitation:
    • Depending on the overwritten file, the attacker can achieve various malicious objectives, including code execution, privilege escalation, data tampering, or other malicious activities.

GITLAB RELEASES FIXES TO CVE-2024-0402

GitLab has issued patches for the critical vulnerability. It is strongly advised by experts that all installations running a version affected by the described issues should be promptly upgraded to the latest version. Notably, GitLab.com and GitLab Dedicated environments have already implemented the patched version. The security fix for this vulnerability has been backported to the following versions: 16.5.8, 16.6.6, 16.7.4, and 16.8.1.

GitLab has addressed four medium-severity vulnerabilities. These vulnerabilities have the potential to result in regular expression denial-of-service (ReDoS), HTML injection, and the exposure of a user’s public email address through the tags RSS feed.

MITIGATION

In addition to applying the patch, organizations are recommended to take further measures to enhance their security posture:

  1. Conduct a comprehensive review of system logs for any indications of exploitation or unusual activity.
  2. Regularly update all software components to their latest versions to mitigate vulnerabilities.
  3. Implement network segmentation and firewall rules to restrict access to critical systems.
  4. Integrate EDR/XDR with other security systems to improve coverage and incident response capabilities.

‍Follow Us on: Twitter, InstagramFacebook to get the latest security news!

Post Views: 284
By | 2024-02-15T08:10:29+05:30 February 2nd, 2024|Exploitation, Internet Security, Mobile Security, Security Advisory, Security Update, Tips, vulnerability|

About the Author:

FirstHackersNews- Identifies Security

Related Posts

Leave A Comment

Subscribe to our newsletter to receive security tips everday!