Main Vulnerability Database Exploits ID:4934 - Exploit for Server-Side Request Forgery (SSRF) in Gitlab Community Edition - CVE-2018-19571

ID:4934 - Exploit for Server-Side Request Forgery (SSRF) in Gitlab Community Edition - CVE-2018-19571

Published: December 16, 2020

Vulnerability identifier: #VU30988

Vulnerability risk: Medium

CVE-ID: CVE-2018-19571

CWE-ID: CWE-918

Exploitation vector: Remote access

Vulnerable software:
Gitlab Community Edition

Link to public exploit:

https://github.com/dotPY-hax/gitlab_RCE

Vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.

Remediation

Install update from vendor's website.

ID:4934 - Exploit for Server-Side Request Forgery (SSRF) in Gitlab Community Edition - CVE-2018-19571

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human