CVE-2018-19495

MEDIUM

GitLab < 11.3.11, 11.4.x < 11.4.8, 11.5.x < 11.5.1 - Server-Side Request Forgery via Prometheus Integration

Title source: llm
STIX 2.1

Description

An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration.

References (2)

Core 2
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://gitlab.com/gitlab-org/gitlab-ee/issues/8167

Scores

CVSS v3 6.5
EPSS 0.0098
EPSS Percentile 58.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-918
Status published
Products (1)
gitlab/gitlab < 11.3.11 (2 CPE variants)
Published Jul 10, 2019
Tracked Since Feb 18, 2026