CVE-2018-14364
CRITICAL
GitLab <10.7.7, <10.8.6, <11.0.4 - Path Traversal
Title source: llm
Description
GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.
References (3)
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://gitlab.com/gitlab-org/gitlab-ce/issues/49133
Exploit, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/378148
Vendor Advisory x_refsource_confirm
https://about.gitlab.com/2018/07/17/critical-security-release-gitlab-11-dot-0-dot-4-released/
Scores
CVSS v3
9.8
EPSS
0.3969
EPSS Percentile
97.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (1)
gitlab/gitlab
< 10.7.7 (2 CPE variants)
Published
Jul 18, 2018
Tracked Since
Feb 18, 2026