CVE-2018-19571

Severity CVSS v4.0:
Pending analysis
Type:
CWE-918 Server-Side Request Forgery (SSRF)
Publication date:
10/07/2019
Last modified:
01/03/2023

Description

GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* 8.18.0 (including) 11.3.11 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* 8.18.0 (including) 11.3.11 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* 11.4.0 (including) 11.4.8 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* 11.4.0 (including) 11.4.8 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* 11.5.0 (including) 11.5.1 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* 11.5.0 (including) 11.5.1 (excluding)