home.social

#pathtraversal — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #pathtraversal, aggregated by home.social.

  1. ⚠️ Emmett framework (2.5.0 – <2.8.1) suffers from a CRITICAL path traversal (CVE-2026-39847). Attackers can remotely read files outside the asset directory. Patch by upgrading to 2.8.1+. Details: radar.offseq.com/threat/cve-20 #OffSeq #Emmett #PathTraversal #CVE202639847

  2. ⚠️ Emmett framework (2.5.0 – <2.8.1) suffers from a CRITICAL path traversal (CVE-2026-39847). Attackers can remotely read files outside the asset directory. Patch by upgrading to 2.8.1+. Details: radar.offseq.com/threat/cve-20 #OffSeq #Emmett #PathTraversal #CVE202639847

  3. ⚠️ Emmett framework (2.5.0 – <2.8.1) suffers from a CRITICAL path traversal (CVE-2026-39847). Attackers can remotely read files outside the asset directory. Patch by upgrading to 2.8.1+. Details: radar.offseq.com/threat/cve-20 #OffSeq #Emmett #PathTraversal #CVE202639847

  4. ⚠️ Emmett framework (2.5.0 – <2.8.1) suffers from a CRITICAL path traversal (CVE-2026-39847). Attackers can remotely read files outside the asset directory. Patch by upgrading to 2.8.1+. Details: radar.offseq.com/threat/cve-20 #OffSeq #Emmett #PathTraversal #CVE202639847

  5. Struggling with the #Java Path API in

    safePrefix(Path prefix, Path tail)

    to resolve tail onto prefix or return null if the result is not a file **below** prefix. This shall prevent path traversal attacks. The code is ugly.

    codeberg.org/harald/Codeschnip

    The tricky shit is in things like safePrefix("..", "..") where Path.normalize() does not what we might like it to do.

    I would be happy about any code review I can get. (So boosts would be nice.)

    #PathTraversal #path #security #codeReview

  6. Messing for hours with #Java Path api. Safely do:
    - given input path, possibly adversarial
    - prefix it with a configured outPrefix
    - ** make sure the result really points to a file/dir below outPrefix **

    Consider a somewhat unluckily configured outPrefix = ".." and an adversarial path "../..". Path.of("../..").startsWith("..") is true. But startsWith() is what AI-coders and even stackoverflow suggest. 😱

    FAIL.

    stackoverflow.com/a/50731050/2

    #pathTraversal #security #itsecurity #pathTraversalAttac

  7. Dziurawe cyfrowe ramki na zdjęcia – szereg poważnych luk bezpieczeństwa w popularnych urządzeniach

    Doniesienia na temat problemów z bezpieczeństwem w świecie IoT znajdują się już w naszym stałym repertuarze, jednak opleceni coraz gęstszą siecią sprzętu zaliczanego do tej grupy często nie zdajemy sobie sprawy skąd czyhają kolejne zagrożenia. Tym razem pochylimy się nad raportem zespołu Quokka. Badacze wzięli na warsztat popularne cyfrowe ramki...

    #Aktualności #Android #Awareness #Botnet #Chiny #Fotografie #Malware #Md5 #PathTraversal #Quokka #Ramki #Szpiegostwo #Uhale #Wyciek

    sekurak.pl/dziurawe-cyfrowe-ra

  8. Dziurawe cyfrowe ramki na zdjęcia – szereg poważnych luk bezpieczeństwa w popularnych urządzeniach

    Doniesienia na temat problemów z bezpieczeństwem w świecie IoT znajdują się już w naszym stałym repertuarze, jednak opleceni coraz gęstszą siecią sprzętu zaliczanego do tej grupy często nie zdajemy sobie sprawy skąd czyhają kolejne zagrożenia. Tym razem pochylimy się nad raportem zespołu Quokka. Badacze wzięli na warsztat popularne cyfrowe ramki...

    #Aktualności #Android #Awareness #Botnet #Chiny #Fotografie #Malware #Md5 #PathTraversal #Quokka #Ramki #Szpiegostwo #Uhale #Wyciek

    sekurak.pl/dziurawe-cyfrowe-ra

  9. Dziurawe cyfrowe ramki na zdjęcia – szereg poważnych luk bezpieczeństwa w popularnych urządzeniach

    Doniesienia na temat problemów z bezpieczeństwem w świecie IoT znajdują się już w naszym stałym repertuarze, jednak opleceni coraz gęstszą siecią sprzętu zaliczanego do tej grupy często nie zdajemy sobie sprawy skąd czyhają kolejne zagrożenia. Tym razem pochylimy się nad raportem zespołu Quokka. Badacze wzięli na warsztat popularne cyfrowe ramki...

    #Aktualności #Android #Awareness #Botnet #Chiny #Fotografie #Malware #Md5 #PathTraversal #Quokka #Ramki #Szpiegostwo #Uhale #Wyciek

    sekurak.pl/dziurawe-cyfrowe-ra

  10. Dziurawe cyfrowe ramki na zdjęcia – szereg poważnych luk bezpieczeństwa w popularnych urządzeniach

    Doniesienia na temat problemów z bezpieczeństwem w świecie IoT znajdują się już w naszym stałym repertuarze, jednak opleceni coraz gęstszą siecią sprzętu zaliczanego do tej grupy często nie zdajemy sobie sprawy skąd czyhają kolejne zagrożenia. Tym razem pochylimy się nad raportem zespołu Quokka. Badacze wzięli na warsztat popularne cyfrowe ramki...

    #Aktualności #Android #Awareness #Botnet #Chiny #Fotografie #Malware #Md5 #PathTraversal #Quokka #Ramki #Szpiegostwo #Uhale #Wyciek

    sekurak.pl/dziurawe-cyfrowe-ra

  11. Dziurawe cyfrowe ramki na zdjęcia – szereg poważnych luk bezpieczeństwa w popularnych urządzeniach

    Doniesienia na temat problemów z bezpieczeństwem w świecie IoT znajdują się już w naszym stałym repertuarze, jednak opleceni coraz gęstszą siecią sprzętu zaliczanego do tej grupy często nie zdajemy sobie sprawy skąd czyhają kolejne zagrożenia. Tym razem pochylimy się nad raportem zespołu Quokka. Badacze wzięli na warsztat popularne cyfrowe ramki...

    #Aktualności #Android #Awareness #Botnet #Chiny #Fotografie #Malware #Md5 #PathTraversal #Quokka #Ramki #Szpiegostwo #Uhale #Wyciek

    sekurak.pl/dziurawe-cyfrowe-ra

  12. Wybrane urządzenia Fortineta pod ostrzałem – atakujący wykorzystywali 0day

    Zanim przejdziemy do konkretnego opisu  informacja dla administratorów:  podatne są następujące wersje  FortiWeb dla poszczególnych linii oprogramowania: Ponadto pojawiła się wreszcie oficjalna informacja od producenta (oraz identyfikator: CVE-2025-64446). Luka została wyceniona na 9.1 w skali CVSS 3.1 czyli krytyczna.   TLDR: Fortinet to firma, która bardzo często gości na naszych łamach....

    #Aktualności #Cgi #Fortinet #PathTraversal #Rce #Websec

    sekurak.pl/wybrane-urzadzenia-

  13. Aktualizujcie telewizory LG – podatność path traversal w popularnym systemie operacyjnym telewizorów

    Naszym ulubionym hasłem, dotyczącym IoT jest to, które mówi, że litera “s” w tym skrócie pochodzi od “security”. Niestety oprócz przydatnych funkcji umilających życie, “smart” urządzenia niosą za sobą większą powierzchnię ataku. A ponieważ użytkownik domowy nie zawsze pamięta o aktualizacjach komputera osobistego czy telefonu, to prawdopodobieństwo wgrania potrzebnych łatek...

    #WBiegu #Awareness #Iot #Lg #Pathtraversal #Podatność #Webos #Websec

    sekurak.pl/aktualizujcie-telew

  14. Podatność w WinRAR dla Windows wykorzystywana w atakach

    Badacze z firmy ESET informują, że podatność oznaczona symbolem CVE-2025-8088 jest aktywnie wykorzystywana przez powiązaną z Rosją grupę RomCom. Opisywana podatność została załatana w wersji WinRAR 7.13 i dotyczy wyłącznie systemów Windows. TLDR: Podatność wykorzystuje ADS systemu NTFS (ang. Alternate Data Streams, de facto Tomek Turba wskazywał ten problem na poprzednim Mega Sekurak Hacking...

    #WBiegu #ADS #Cve #PathTraversal #Podatność #Windows #Winrar

    sekurak.pl/podatnosc-w-winrar-

  15. Podatność RCE w popularnej usłudze zarządzania wersją git – Gogs

    Z naszego pentesterskiego doświadczenia wynika, że jedną z często hostowanych usług w organizacjach są systemy zarządzania wersją. Prymat wiodą tutaj rozwiązania oparte o git’a, w szczególności GitLab (o którym pisaliśmy niejednokrotnie). Każdemu zdarzają się wpadki – nasze doświadczenia z GitLabem są w dużej mierze pozytywne. Program BugBounty jest dobrze prowadzony...

    #WBiegu #Githook #Gogs #PathTraversal #Rce #Websec

    sekurak.pl/podatnosc-rce-w-pop

  16. Podatność RCE w popularnej usłudze zarządzania wersją git – Gogs

    Z naszego pentesterskiego doświadczenia wynika, że jedną z często hostowanych usług w organizacjach są systemy zarządzania wersją. Prymat wiodą tutaj rozwiązania oparte o git’a, w szczególności GitLab (o którym pisaliśmy niejednokrotnie). Każdemu zdarzają się wpadki – nasze doświadczenia z GitLabem są w dużej mierze pozytywne. Program BugBounty jest dobrze prowadzony...

    #WBiegu #Githook #Gogs #PathTraversal #Rce #Websec

    sekurak.pl/podatnosc-rce-w-pop

  17. Podatność RCE w popularnej usłudze zarządzania wersją git – Gogs

    Z naszego pentesterskiego doświadczenia wynika, że jedną z często hostowanych usług w organizacjach są systemy zarządzania wersją. Prymat wiodą tutaj rozwiązania oparte o git’a, w szczególności GitLab (o którym pisaliśmy niejednokrotnie). Każdemu zdarzają się wpadki – nasze doświadczenia z GitLabem są w dużej mierze pozytywne. Program BugBounty jest dobrze prowadzony...

    #WBiegu #Githook #Gogs #PathTraversal #Rce #Websec

    sekurak.pl/podatnosc-rce-w-pop

  18. Podatność RCE w popularnej usłudze zarządzania wersją git – Gogs

    Z naszego pentesterskiego doświadczenia wynika, że jedną z często hostowanych usług w organizacjach są systemy zarządzania wersją. Prymat wiodą tutaj rozwiązania oparte o git’a, w szczególności GitLab (o którym pisaliśmy niejednokrotnie). Każdemu zdarzają się wpadki – nasze doświadczenia z GitLabem są w dużej mierze pozytywne. Program BugBounty jest dobrze prowadzony...

    #WBiegu #Githook #Gogs #PathTraversal #Rce #Websec

    sekurak.pl/podatnosc-rce-w-pop

  19. Podatność RCE w popularnej usłudze zarządzania wersją git – Gogs

    Z naszego pentesterskiego doświadczenia wynika, że jedną z często hostowanych usług w organizacjach są systemy zarządzania wersją. Prymat wiodą tutaj rozwiązania oparte o git’a, w szczególności GitLab (o którym pisaliśmy niejednokrotnie). Każdemu zdarzają się wpadki – nasze doświadczenia z GitLabem są w dużej mierze pozytywne. Program BugBounty jest dobrze prowadzony...

    #WBiegu #Githook #Gogs #PathTraversal #Rce #Websec

    sekurak.pl/podatnosc-rce-w-pop

  20. I analyzed three months of data from path-traversal attacks against SolarWinds Serv-U and wrote up my findings. Check it out on the @greynoise Grimoire!

    labs.greynoise.io/grimoire/202

    #Cybersecurity #blog #PathTraversal #Exploit

  21. Podatność Path traversal w Splunk Enterprise na Windows

    W oprogramowaniu Splunk Enterprise działającym na systemach Windows ujawniona została niedawno podatność typu path traversal, pozwalająca atakującemu na nieuprawniony dostęp do plików na podatnym systemie. Błąd może wykorzystać zdalnie nieuwierzytelniony atakujący i sprowadza się do wysłania pojedynczego żądania HTTP GET. Do wykorzystania może dojść w ścieżce /modules/messaging/ na instancjach Splunk z włączonym modułem...

    #WBiegu #Cve #PathTraversal #Podatność #Python #Splunk #Websecurity

    sekurak.pl/podatnosc-path-trav

  22. Check Point Vulnerability Report: CVE-2024-24919

    Date: May 29, 2024

    CVE: CVE-2024-24919

    Vulnerability Type: Exposure of Sensitive Information to an Unauthorized Actor

    CWE: [[CWE-22]], [[CWE-425]]

    Sources: Check Point, [Tenable](CVE-2024-24919 | Tenable®) Tenable Blog

    Synopsis

    A critical vulnerability (CVE-2024-24919) has been identified in Check Point's CloudGuard Network Security appliance, allowing unauthorized actors to access sensitive information.

    Issue Summary

    The vulnerability, categorized as an 'Exposure of Sensitive Information to an Unauthorized Actor,' affects Check Point's CloudGuard Network Security appliances. Attackers can exploit this vulnerability to read sensitive information from gateways connected to the Internet and enabled with Remote Access VPN or Mobile Access. The flaw is actively exploited in the wild, making it a high-priority issue for administrators.

    Technical Key Findings

    The vulnerability arises from a path traversal issue in the appliance's handling of certain HTTP requests. Attackers can manipulate the request paths to access files on the device, bypassing standard access controls. The exploit involves sending crafted HTTP requests to the vulnerable endpoint, allowing unauthorized file reads.

    Vulnerable Products

    • Check Point CloudGuard Network Security appliances with Remote Access VPN or Mobile Access enabled.

    Impact Assessment

    Exploiting this vulnerability can lead to unauthorized access to sensitive information, such as configuration files and password hashes. This could potentially escalate to full system compromise if critical files are accessed and misused.

    Patches or Workaround

    Check Point has released a hotfix to address this vulnerability. Administrators are urged to apply the patch immediately. The company also recommends placing the vulnerable gateway behind another security gateway with IPS and SSL inspection enabled as a temporary mitigation.

    Tags

    #CheckPoint #CVE-2024-24919 #InformationDisclosure #PathTraversal #NetworkSecurity #CloudGuard #SecurityPatch #VulnerabilityManagement #threatintelligence

  23. Check Point Vulnerability Report: CVE-2024-24919

    Date: May 29, 2024

    CVE: CVE-2024-24919

    Vulnerability Type: Exposure of Sensitive Information to an Unauthorized Actor

    CWE: [[CWE-22]], [[CWE-425]]

    Sources: Check Point, [Tenable](CVE-2024-24919 | Tenable®) Tenable Blog

    Synopsis

    A critical vulnerability (CVE-2024-24919) has been identified in Check Point's CloudGuard Network Security appliance, allowing unauthorized actors to access sensitive information.

    Issue Summary

    The vulnerability, categorized as an 'Exposure of Sensitive Information to an Unauthorized Actor,' affects Check Point's CloudGuard Network Security appliances. Attackers can exploit this vulnerability to read sensitive information from gateways connected to the Internet and enabled with Remote Access VPN or Mobile Access. The flaw is actively exploited in the wild, making it a high-priority issue for administrators.

    Technical Key Findings

    The vulnerability arises from a path traversal issue in the appliance's handling of certain HTTP requests. Attackers can manipulate the request paths to access files on the device, bypassing standard access controls. The exploit involves sending crafted HTTP requests to the vulnerable endpoint, allowing unauthorized file reads.

    Vulnerable Products

    • Check Point CloudGuard Network Security appliances with Remote Access VPN or Mobile Access enabled.

    Impact Assessment

    Exploiting this vulnerability can lead to unauthorized access to sensitive information, such as configuration files and password hashes. This could potentially escalate to full system compromise if critical files are accessed and misused.

    Patches or Workaround

    Check Point has released a hotfix to address this vulnerability. Administrators are urged to apply the patch immediately. The company also recommends placing the vulnerable gateway behind another security gateway with IPS and SSL inspection enabled as a temporary mitigation.

    Tags

    #CheckPoint #CVE-2024-24919 #InformationDisclosure #PathTraversal #NetworkSecurity #CloudGuard #SecurityPatch #VulnerabilityManagement #threatintelligence

  24. Check Point Vulnerability Report: CVE-2024-24919

    Date: May 29, 2024

    CVE: CVE-2024-24919

    Vulnerability Type: Exposure of Sensitive Information to an Unauthorized Actor

    CWE: [[CWE-22]], [[CWE-425]]

    Sources: Check Point, [Tenable](CVE-2024-24919 | Tenable®) Tenable Blog

    Synopsis

    A critical vulnerability (CVE-2024-24919) has been identified in Check Point's CloudGuard Network Security appliance, allowing unauthorized actors to access sensitive information.

    Issue Summary

    The vulnerability, categorized as an 'Exposure of Sensitive Information to an Unauthorized Actor,' affects Check Point's CloudGuard Network Security appliances. Attackers can exploit this vulnerability to read sensitive information from gateways connected to the Internet and enabled with Remote Access VPN or Mobile Access. The flaw is actively exploited in the wild, making it a high-priority issue for administrators.

    Technical Key Findings

    The vulnerability arises from a path traversal issue in the appliance's handling of certain HTTP requests. Attackers can manipulate the request paths to access files on the device, bypassing standard access controls. The exploit involves sending crafted HTTP requests to the vulnerable endpoint, allowing unauthorized file reads.

    Vulnerable Products

    • Check Point CloudGuard Network Security appliances with Remote Access VPN or Mobile Access enabled.

    Impact Assessment

    Exploiting this vulnerability can lead to unauthorized access to sensitive information, such as configuration files and password hashes. This could potentially escalate to full system compromise if critical files are accessed and misused.

    Patches or Workaround

    Check Point has released a hotfix to address this vulnerability. Administrators are urged to apply the patch immediately. The company also recommends placing the vulnerable gateway behind another security gateway with IPS and SSL inspection enabled as a temporary mitigation.

    Tags

    #CheckPoint #CVE-2024-24919 #InformationDisclosure #PathTraversal #NetworkSecurity #CloudGuard #SecurityPatch #VulnerabilityManagement #threatintelligence

  25. Check Point Vulnerability Report: CVE-2024-24919

    Date: May 29, 2024

    CVE: CVE-2024-24919

    Vulnerability Type: Exposure of Sensitive Information to an Unauthorized Actor

    CWE: [[CWE-22]], [[CWE-425]]

    Sources: Check Point, [Tenable](CVE-2024-24919 | Tenable®) Tenable Blog

    Synopsis

    A critical vulnerability (CVE-2024-24919) has been identified in Check Point's CloudGuard Network Security appliance, allowing unauthorized actors to access sensitive information.

    Issue Summary

    The vulnerability, categorized as an 'Exposure of Sensitive Information to an Unauthorized Actor,' affects Check Point's CloudGuard Network Security appliances. Attackers can exploit this vulnerability to read sensitive information from gateways connected to the Internet and enabled with Remote Access VPN or Mobile Access. The flaw is actively exploited in the wild, making it a high-priority issue for administrators.

    Technical Key Findings

    The vulnerability arises from a path traversal issue in the appliance's handling of certain HTTP requests. Attackers can manipulate the request paths to access files on the device, bypassing standard access controls. The exploit involves sending crafted HTTP requests to the vulnerable endpoint, allowing unauthorized file reads.

    Vulnerable Products

    • Check Point CloudGuard Network Security appliances with Remote Access VPN or Mobile Access enabled.

    Impact Assessment

    Exploiting this vulnerability can lead to unauthorized access to sensitive information, such as configuration files and password hashes. This could potentially escalate to full system compromise if critical files are accessed and misused.

    Patches or Workaround

    Check Point has released a hotfix to address this vulnerability. Administrators are urged to apply the patch immediately. The company also recommends placing the vulnerable gateway behind another security gateway with IPS and SSL inspection enabled as a temporary mitigation.

    Tags

    #CheckPoint #CVE-2024-24919 #InformationDisclosure #PathTraversal #NetworkSecurity #CloudGuard #SecurityPatch #VulnerabilityManagement #threatintelligence

  26. Check Point Vulnerability Report: CVE-2024-24919

    Date: May 29, 2024

    CVE: CVE-2024-24919

    Vulnerability Type: Exposure of Sensitive Information to an Unauthorized Actor

    CWE: [[CWE-22]], [[CWE-425]]

    Sources: Check Point, [Tenable](CVE-2024-24919 | Tenable®) Tenable Blog

    Synopsis

    A critical vulnerability (CVE-2024-24919) has been identified in Check Point's CloudGuard Network Security appliance, allowing unauthorized actors to access sensitive information.

    Issue Summary

    The vulnerability, categorized as an 'Exposure of Sensitive Information to an Unauthorized Actor,' affects Check Point's CloudGuard Network Security appliances. Attackers can exploit this vulnerability to read sensitive information from gateways connected to the Internet and enabled with Remote Access VPN or Mobile Access. The flaw is actively exploited in the wild, making it a high-priority issue for administrators.

    Technical Key Findings

    The vulnerability arises from a path traversal issue in the appliance's handling of certain HTTP requests. Attackers can manipulate the request paths to access files on the device, bypassing standard access controls. The exploit involves sending crafted HTTP requests to the vulnerable endpoint, allowing unauthorized file reads.

    Vulnerable Products

    • Check Point CloudGuard Network Security appliances with Remote Access VPN or Mobile Access enabled.

    Impact Assessment

    Exploiting this vulnerability can lead to unauthorized access to sensitive information, such as configuration files and password hashes. This could potentially escalate to full system compromise if critical files are accessed and misused.

    Patches or Workaround

    Check Point has released a hotfix to address this vulnerability. Administrators are urged to apply the patch immediately. The company also recommends placing the vulnerable gateway behind another security gateway with IPS and SSL inspection enabled as a temporary mitigation.

    Tags

    #CheckPoint #CVE-2024-24919 #InformationDisclosure #PathTraversal #NetworkSecurity #CloudGuard #SecurityPatch #VulnerabilityManagement #threatintelligence

  27. GitLab Security Update: Critical Patches Released

    Date: April 24, 2024
    CVE: Multiple (e.g., CVE-2024-4024, CVE-2024-2434)
    Vulnerability Type: Authentication Issues, Path Traversal, DoS, Information Disclosure
    CWE: [[CWE-287]], [[CWE-22]], [[CWE-400]], [[CWE-284]]
    Sources: GitLab Security Release

    Issue Summary

    GitLab has released critical security updates (16.11.1, 16.10.4, 16.9.6) addressing multiple high and medium severity vulnerabilities across various versions. The identified issues include authentication bypass, path traversal, and denial of service attacks.

    Technical Key findings

    Key vulnerabilities allow unauthorized account access, server file reading, and service disruption due to inadequate input validation and authentication checks.

    Table of security fixes

    |Title|Severity|
    |---|---|
    |GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider|High|
    |Path Traversal leads to DoS and Restricted File Read|High|
    |Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search|High|
    |Personal Access Token scopes not honoured by GraphQL subscriptions|Medium|
    |Domain based restrictions bypass using a crafted email address|Medium|

    Vulnerable products

    • GitLab Community Edition (CE)
    • GitLab Enterprise Edition (EE)all versions starting from 7.8 before 16.9.6all versions starting from 16.10 before 16.10.4 all versions starting from 16.11 before 16.11.1.

    Impact assessment

    Exploits could lead to account takeovers, unauthorized access to sensitive data, and significant service disruptions affecting availability and integrity.

    Patches or workaround

    Upgrading to the latest versions (16.11.1, 16.10.4, 16.9.6) is strongly recommended as they contain necessary security fixes. To update GitLab, see the Update page.

    Tags

    #GitLab #CVE-2024-4024 #CVE-2024-2434 #AuthenticationBypass #PathTraversal #DenialOfService #PatchRelease

  28. GitLab Security Update: Critical Patches Released

    Date: April 24, 2024
    CVE: Multiple (e.g., CVE-2024-4024, CVE-2024-2434)
    Vulnerability Type: Authentication Issues, Path Traversal, DoS, Information Disclosure
    CWE: [[CWE-287]], [[CWE-22]], [[CWE-400]], [[CWE-284]]
    Sources: GitLab Security Release

    Issue Summary

    GitLab has released critical security updates (16.11.1, 16.10.4, 16.9.6) addressing multiple high and medium severity vulnerabilities across various versions. The identified issues include authentication bypass, path traversal, and denial of service attacks.

    Technical Key findings

    Key vulnerabilities allow unauthorized account access, server file reading, and service disruption due to inadequate input validation and authentication checks.

    Table of security fixes

    |Title|Severity|
    |---|---|
    |GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider|High|
    |Path Traversal leads to DoS and Restricted File Read|High|
    |Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search|High|
    |Personal Access Token scopes not honoured by GraphQL subscriptions|Medium|
    |Domain based restrictions bypass using a crafted email address|Medium|

    Vulnerable products

    • GitLab Community Edition (CE)
    • GitLab Enterprise Edition (EE)all versions starting from 7.8 before 16.9.6all versions starting from 16.10 before 16.10.4 all versions starting from 16.11 before 16.11.1.

    Impact assessment

    Exploits could lead to account takeovers, unauthorized access to sensitive data, and significant service disruptions affecting availability and integrity.

    Patches or workaround

    Upgrading to the latest versions (16.11.1, 16.10.4, 16.9.6) is strongly recommended as they contain necessary security fixes. To update GitLab, see the Update page.

    Tags

    #GitLab #CVE-2024-4024 #CVE-2024-2434 #AuthenticationBypass #PathTraversal #DenialOfService #PatchRelease

  29. GitLab Security Update: Critical Patches Released

    Date: April 24, 2024
    CVE: Multiple (e.g., CVE-2024-4024, CVE-2024-2434)
    Vulnerability Type: Authentication Issues, Path Traversal, DoS, Information Disclosure
    CWE: [[CWE-287]], [[CWE-22]], [[CWE-400]], [[CWE-284]]
    Sources: GitLab Security Release

    Issue Summary

    GitLab has released critical security updates (16.11.1, 16.10.4, 16.9.6) addressing multiple high and medium severity vulnerabilities across various versions. The identified issues include authentication bypass, path traversal, and denial of service attacks.

    Technical Key findings

    Key vulnerabilities allow unauthorized account access, server file reading, and service disruption due to inadequate input validation and authentication checks.

    Table of security fixes

    |Title|Severity|
    |---|---|
    |GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider|High|
    |Path Traversal leads to DoS and Restricted File Read|High|
    |Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search|High|
    |Personal Access Token scopes not honoured by GraphQL subscriptions|Medium|
    |Domain based restrictions bypass using a crafted email address|Medium|

    Vulnerable products

    • GitLab Community Edition (CE)
    • GitLab Enterprise Edition (EE)all versions starting from 7.8 before 16.9.6all versions starting from 16.10 before 16.10.4 all versions starting from 16.11 before 16.11.1.

    Impact assessment

    Exploits could lead to account takeovers, unauthorized access to sensitive data, and significant service disruptions affecting availability and integrity.

    Patches or workaround

    Upgrading to the latest versions (16.11.1, 16.10.4, 16.9.6) is strongly recommended as they contain necessary security fixes. To update GitLab, see the Update page.

    Tags

    #GitLab #CVE-2024-4024 #CVE-2024-2434 #AuthenticationBypass #PathTraversal #DenialOfService #PatchRelease

  30. GitLab Security Update: Critical Patches Released

    Date: April 24, 2024
    CVE: Multiple (e.g., CVE-2024-4024, CVE-2024-2434)
    Vulnerability Type: Authentication Issues, Path Traversal, DoS, Information Disclosure
    CWE: [[CWE-287]], [[CWE-22]], [[CWE-400]], [[CWE-284]]
    Sources: GitLab Security Release

    Issue Summary

    GitLab has released critical security updates (16.11.1, 16.10.4, 16.9.6) addressing multiple high and medium severity vulnerabilities across various versions. The identified issues include authentication bypass, path traversal, and denial of service attacks.

    Technical Key findings

    Key vulnerabilities allow unauthorized account access, server file reading, and service disruption due to inadequate input validation and authentication checks.

    Table of security fixes

    |Title|Severity|
    |---|---|
    |GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider|High|
    |Path Traversal leads to DoS and Restricted File Read|High|
    |Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search|High|
    |Personal Access Token scopes not honoured by GraphQL subscriptions|Medium|
    |Domain based restrictions bypass using a crafted email address|Medium|

    Vulnerable products

    • GitLab Community Edition (CE)
    • GitLab Enterprise Edition (EE)all versions starting from 7.8 before 16.9.6all versions starting from 16.10 before 16.10.4 all versions starting from 16.11 before 16.11.1.

    Impact assessment

    Exploits could lead to account takeovers, unauthorized access to sensitive data, and significant service disruptions affecting availability and integrity.

    Patches or workaround

    Upgrading to the latest versions (16.11.1, 16.10.4, 16.9.6) is strongly recommended as they contain necessary security fixes. To update GitLab, see the Update page.

    Tags

    #GitLab #CVE-2024-4024 #CVE-2024-2434 #AuthenticationBypass #PathTraversal #DenialOfService #PatchRelease

  31. GitLab Security Update: Critical Patches Released

    Date: April 24, 2024
    CVE: Multiple (e.g., CVE-2024-4024, CVE-2024-2434)
    Vulnerability Type: Authentication Issues, Path Traversal, DoS, Information Disclosure
    CWE: [[CWE-287]], [[CWE-22]], [[CWE-400]], [[CWE-284]]
    Sources: GitLab Security Release

    Issue Summary

    GitLab has released critical security updates (16.11.1, 16.10.4, 16.9.6) addressing multiple high and medium severity vulnerabilities across various versions. The identified issues include authentication bypass, path traversal, and denial of service attacks.

    Technical Key findings

    Key vulnerabilities allow unauthorized account access, server file reading, and service disruption due to inadequate input validation and authentication checks.

    Table of security fixes

    |Title|Severity|
    |---|---|
    |GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider|High|
    |Path Traversal leads to DoS and Restricted File Read|High|
    |Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search|High|
    |Personal Access Token scopes not honoured by GraphQL subscriptions|Medium|
    |Domain based restrictions bypass using a crafted email address|Medium|

    Vulnerable products

    • GitLab Community Edition (CE)
    • GitLab Enterprise Edition (EE)all versions starting from 7.8 before 16.9.6all versions starting from 16.10 before 16.10.4 all versions starting from 16.11 before 16.11.1.

    Impact assessment

    Exploits could lead to account takeovers, unauthorized access to sensitive data, and significant service disruptions affecting availability and integrity.

    Patches or workaround

    Upgrading to the latest versions (16.11.1, 16.10.4, 16.9.6) is strongly recommended as they contain necessary security fixes. To update GitLab, see the Update page.

    Tags

    #GitLab #CVE-2024-4024 #CVE-2024-2434 #AuthenticationBypass #PathTraversal #DenialOfService #PatchRelease