CVE-2018-3710

HIGH

GitLab < 9.5.10 - Path Traversal

Title source: rule

Description

GitLab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component, resulting in remote code execution.

Scores

CVSS v3 7.8
EPSS 0.0416
EPSS Percentile 88.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-22 CWE-377
Status published
Products (2)
debian/debian_linux 9.0
gitlab/gitlab 8.9.0 - 9.5.10 (2 CPE variants)
Published Mar 21, 2018
Tracked Since Feb 18, 2026