CVE-2018-8801 — Server-Side Request Forgery in Gitlab

CWE-918 — Server-Side Request Forgery5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 61.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab

Timeline

PublishedApr 25

Latest updateMay 14

Description

GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDgitlab/gitlab8.3 — 10.3

▶debiandebian/gitlab< gitlab 10.5.6+dfsg-1 (sid)

▶gitlabgitlab/gitlab

🔴Vulnerability Details

GHSA

GHSA-wx2f-993h-v22p: GitLab Community and Enterprise Editions version 8↗2022-05-14

▶

OSV

CVE-2018-8801: GitLab Community and Enterprise Editions version 8↗2018-04-25

▶

📋Vendor Advisories

GitLab

CVE-2018-8801: GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.↗2018-04-25

▶

Debian

CVE-2018-8801: gitlab - GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are ...↗2018

▶