AVG-802

Package: gitlab
Status: Not affected
Severity: High
Type: multiple issues
Affected: 11.4.0-1
Fixed: 11.4.3-2
Current: 12.0.3-1 [community]
Ticket: None
Created: Thu Nov 1 20:10:59 2018
Issue | Severity | Remote | Type | Description
CVE-2018-18843 | High | Yes | Cross-site request forgery | The GitLab Kubernetes integration was vulnerable to an SSRF issue which could allow an attacker to make requests to access any internal URLs
CVE-2018-18647 | Medium | Yes | Access restriction bypass | A security issue has been found in GitLab versions prior to 11.4.3, where the protected_branches API was vulnerable to an issue which allowed an...
CVE-2018-18644 | Medium | Yes | Information disclosure | A security issue has been found in GitLab versions prior to 11.4.3, where the Prometheus integration was vulnerable to an indirect object reference issue...
CVE-2018-18642 | Medium | Yes | Cross-site scripting | A security issue has been found in GitLab versions prior to 11.4.3, where the license management and security reports pages contained a lack of input...
Notes
Affects only the enterprise edition, not the community edition.