Server-Side Request Forgery (SSRF) in Gitlab Community Edition - CVE-2018-8801
Published: April 25, 2018 / Updated: July 17, 2020
Vulnerability identifier: #VU31317
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-8801
CWE-ID: CWE-918
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: GitLab, Inc
Affected software: Gitlab Community Edition
Detailed vulnerability description
The vulnerability allows a remote authenticated user to gain access to sensitive information.
GitLab Community and Enterprise Editions versions 8.3 through 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.
How to mitigate CVE-2018-8801
Install the update from the vendor's website.