A GitLab vulnerability that allowed files to be written to arbitrary locations on a server was patched last Thursday, two weeks after the company patched a critical account takeover bug. The latest vulnerability, tracked as CVE-2024-0402, received a CVSS score of 9.9 and allows authenticated users to write files anywhere on a GitLab server while creating a workspace.
Source: SC Magazine