CVE-2018-8801
published 2018-04-25
CVE-2018-8801: GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.
Priority P432 · medium · 6.5 · CVSS 3.0
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.33% (67.7th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 10.5.6+dfsg-1 (sid) | gitlab 10.5.6+dfsg-1 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 8.3 < 10.3 | 10.3 |
CVSS provenance
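| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| osv | | 6.5 | MEDIUM | |
| vendor_debian | | 6.5 | MEDIUM | |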
GHSA
GHSA-wx2f-993h-v22p: GitLab Community and Enterprise Editions version 8
ghsa_unreviewed·2022-05-14
CVE-2018-8801 [MEDIUM] CWE-918 GHSA-wx2f-993h-v22p: GitLab Community and Enterprise Editions version 8
GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.
OSV
CVE-2018-8801: GitLab Community and Enterprise Editions version 8
osv·2018-04-25·CVSS 6.5
CVE-2018-8801 [MEDIUM] CVE-2018-8801: GitLab Community and Enterprise Editions version 8
GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.
GitLab
CVE-2018-8801: GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.
vendor_gitlab·2018-04-25·CVSS 6.5
CVE-2018-8801 [MEDIUM] CWE-918 CVE-2018-8801: GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.
Debian
CVE-2018-8801: gitlab - GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are ...
vendor_debian·2018·CVSS 6.5
CVE-2018-8801 [MEDIUM] CVE-2018-8801: gitlab - GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are ...
GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.
Scope: local
sid: resolved (fixed in 10.5.6+dfsg-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md
https://gitlab.com/gitlab-org/gitlab-ce/issues/41642
https://hackerone.com/reports/301924
Published: 2018-04-25