PT-2018-14688 · Gitlab · Gitlab Ce/Ee+1

Mayra Cabrera

Published

2018-12-04

Updated

2019-02-05

CVE-2018-18843

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GitLab Enterprise Edition versions 11.0.0 through 11.2.7 GitLab Enterprise Edition versions 11.3.0 through 11.3.8 GitLab Enterprise Edition versions 11.4.0 through 11.4.3

Description The issue affects the Kubernetes integration in GitLab Enterprise Edition, allowing for Server-Side Request Forgery (SSRF).

Recommendations For GitLab Enterprise Edition versions 11.0.0 through 11.2.7, update to version 11.2.8 or later. For GitLab Enterprise Edition versions 11.3.0 through 11.3.8, update to version 11.3.9 or later. For GitLab Enterprise Edition versions 11.4.0 through 11.4.3, update to version 11.4.4 or later.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2018-18843

Affected Products

Gitlab

Gitlab Ce/Ee

PT-2018-14688 · Gitlab · Gitlab Ce/Ee+1

CVE-2018-18843

Weakness Enumeration

Related Identifiers

Affected Products

References · 6