CVE-2018-17450 — Vulnetix

CVE-2018-17450 PUBLISHED CVSS 4.300000190734863 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP service token.

EPSS 0.12% · 31.1th percentile

Risk Scores

CVSS v3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.12%

31.1th percentile

Affected Products

Vendor	Product	Versions
gitlab	gitlab	0, 11.2.0, 11.3.0
n/a	n/a	n/a

Timeline

Apr 15, 2023 CVE Published
Apr 16, 2023 EPSS Score
May 24, 2023 EPSS Score
Jun 30, 2023 EPSS Score
Aug 7, 2023 EPSS Score
Sep 13, 2023 EPSS Score
Oct 21, 2023 EPSS Score
Nov 27, 2023 EPSS Score
Jan 4, 2024 EPSS Score
Feb 10, 2024 EPSS Score
Mar 19, 2024 EPSS Score
Apr 25, 2024 EPSS Score

References

https://about.gitlab.com/blog/categories/releases/ technical
https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ url
https://nvd.nist.gov/vuln/detail/CVE-2018-17450 advisory
https://about.gitlab.com/blog/categories/releases url
https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released url

Open in Interactive Console →