CVE-2018-8801
MEDIUMGitLab 8.3-10.x - Server-Side Request Forgery in Services and Webhooks
Title source: llmDescription
GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/301924
Release Notes, Vendor Advisory x_refsource_misc
https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md
Issue Tracking, Vendor Advisory x_refsource_misc
https://gitlab.com/gitlab-org/gitlab-ce/issues/41642
Scores
CVSS v3
6.5
EPSS
0.0018
EPSS Percentile
38.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-918
Status
published
Products (1)
gitlab/gitlab
8.3 - 10.3 (2 CPE variants)
Published
Apr 25, 2018
Tracked Since
Feb 18, 2026