Less than two weeks after having plugged a security hole that allows account takeover without user interaction, GitLab Inc. has patched a critical vulnerability in GitLab CE/EE again and is urging users to update their installations immediately.
GitLab Inc. operates GitLab.com and develops GitLab Community Edition and Enterprise Edition, a widely used software development platform with built-in version control, issue tracking, code review, etc.
As a self-managed platform, GitLab can be deployed on on-prem servers, Kubernetes, or with a cloud provider.
CVE-2024-0402 is a vulnerability that may allow an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.
Discovered by a GitLab team member, CVE-2024-0402 has been fixed in GitLab CE/EE versions 16.5.8, 16.6.6, 16.7.4, and 16.8.1.
“GitLab.com and GitLab Dedicated environments are already running the patched version,” the company has added.