CVE-2018-14364
PUBLISHED
CVSS 7.5 HIGH
GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.
Risk Scores
- CVSS v2.0: 7.5
- EPSS Score: 39.69% (97.4th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| gitlab | gitlab | 0, 0, 10.8.0 |
| n/a | n/a | n/a |
Timeline
- Jul 18, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- May 8, 2023 EPSS Score
- Mar 6, 2024 EPSS Score
- May 27, 2024 EPSS Score
- Aug 5, 2024 CVE Updated
- Oct 21, 2024 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 18, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
References
- https://gitlab.com/gitlab-org/gitlab-ce/issues/49133
- https://hackerone.com/reports/378148
- https://about.gitlab.com/2018/07/17/critical-security-release-gitlab-11-dot-0-dot-4-released/
- https://nvd.nist.gov/vuln/detail/CVE-2018-14364 (advisory)