CVE-2024-0402
📋 TL;DR
This critical vulnerability in GitLab allows authenticated users to write files to arbitrary locations on the server while creating a workspace, enabling potential remote code execution. It affects all GitLab CE/EE instances running vulnerable versions. Attackers could gain full control of affected systems.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise leading to data theft, ransomware deployment, or complete infrastructure takeover
Likely Case
Unauthorized file writes leading to privilege escalation, data exfiltration, or backdoor installation
If Mitigated
Limited impact if proper network segmentation and access controls prevent lateral movement
🎯 Exploit Status
Requires authenticated user access; exploitation is straightforward once authenticated
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 16.6.6, 16.7.4, or 16.8.1
Vendor Advisory: https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/
Restart Required: Yes
Instructions:
1. Back up your GitLab instance.
2. Update to a patched version using your package manager.
3. Restart GitLab services.
4. Verify that the update was successful.
🔧 Temporary Workarounds
Disable workspace creation
Linux: Temporarily disable the workspace creation feature to prevent exploitation
gitlab-rails runner "ApplicationSetting.current.update!(workspace_creation_enabled: false)"
🧯 If You Can't Patch
- Restrict user access to only trusted accounts
- Implement network segmentation to isolate GitLab from critical systems
🔍 How to Verify
Check if Vulnerable:
Check the GitLab version via the admin panel or with the command: cat /opt/gitlab/version-manifest.txt
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'GitLab version'
Verify Fix Applied:
Confirm the running version is 16.6.6, 16.7.4, or 16.8.1 (or a later release on that line), or any newer release
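As an added helper, not part of this advisory or of GitLab itself, the following Python check parses the version string printed by the commands above and compares it against the patched releases listed on this page. It assumes that any release on a line older than 16.6 needs an upgrade and that anything newer than 16.8.1 carries the fix.

```python
import re

# Minimum patched release per affected release line, as listed in this advisory.
FIXED_VERSIONS = {
    (16, 6): (16, 6, 6),
    (16, 7): (16, 7, 4),
    (16, 8): (16, 8, 1),
}


def parse_version(text: str) -> tuple:
    """Extract (major, minor, patch) from output such as
    'GitLab version:\t16.7.3-ee' or a 'gitlab-ee 16.8.1' manifest line."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number found in: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_patched(version: tuple) -> bool:
    """True if the version is at or above the fixed release for its line."""
    major, minor, _ = version
    line = (major, minor)
    if line in FIXED_VERSIONS:
        return version >= FIXED_VERSIONS[line]
    # Lines not in the table: only releases newer than the newest fix
    # (16.8.1) are treated as patched; older lines need an upgrade.
    return version > max(FIXED_VERSIONS.values())


def check(output: str) -> str:
    """Return a one-line verdict for a captured version string."""
    v = parse_version(output)
    status = "patched" if is_patched(v) else "VULNERABLE - upgrade"
    return "{}: {}".format(".".join(map(str, v)), status)


# Constructed sample outputs, not captured from a real instance.
SAMPLE_OUTPUTS = [
    "GitLab version:\t16.7.3-ee",  # unpatched 16.7 line
    "GitLab version:\t16.8.1-ee",  # first fixed 16.8 release
    "gitlab-ee 16.6.6",            # version-manifest.txt style line
    "GitLab version:\t16.5.7-ce",  # line older than any listed fix
]

if __name__ == "__main__":
    for line in SAMPLE_OUTPUTS:
        print(check(line))
```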
📡 Detection & Monitoring
Log Indicators:
- Unusual file write operations in GitLab logs
- Multiple workspace creation attempts from single user
Network Indicators:
- Unexpected outbound connections from GitLab server
SIEM Query:
source="gitlab" AND ("workspace" OR "file_write") AND severity="critical"