CVE-2018-18649

CRITICAL

Gitlab < 11.3.8 - Remote Code Execution

Title source: rule

Description

An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution.

Exploits (1)

nomisec WORKING POC 4 stars

by Snowming04 · poc

https://github.com/Snowming04/CVE-2018-18649

View Code ZIP pw:eip

References (2)

[Vendor Advisory] https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/

[Broken Link, Vendor Advisory] https://gitlab.com/gitlab-org/gitlab-ce/issues/53072

Scores

CVSS v3 9.8

EPSS 0.5497

EPSS Percentile 98.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (1)

gitlab/gitlab 11.3.0 - 11.3.8 (2 CPE variants)

Published Nov 29, 2018

Tracked Since Feb 18, 2026