CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-18843

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0100%
EPSS Percentile4.90th
Published2018年12月4日
Last Modified2024年11月21日

Vulnerability Description

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF.

Affected Platforms (CPE)

📦
Gitlab

Gitlab

>= 11.0.0 and < 11.2.8
📦
Gitlab

Gitlab

>= 11.3.0 and < 11.3.9
📦
Gitlab

Gitlab

>= 11.4.0 and < 11.4.4

References & Advisories

🔗 https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot-4-dot-4-released/
🔗 https://gitlab.com/gitlab-org/gitlab-ce/issues/53158
🔗 https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot-4-dot-4-released/
🔗 https://gitlab.com/gitlab-org/gitlab-ce/issues/53158

関連する脆弱性情報

CVE-2020-541510.0

Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoo...

CVE-2021-2220510.0

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image f...

CVE-2019-917410.0

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1....

CVE-2021-221929.9

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users t...