SB2018042527 - Server-Side Request Forgery (SSRF) in GitLab, Gitlab Community Edition
Published: April 25, 2018 Updated: July 17, 2020
Security Bulletin ID
SB2018042527
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2018-8801)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.
Remediation
Install update from vendor's website.