CVE-2018-18649

high-risk
Published 2018-11-29

An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution.

Do I need to act?

!
55.0% chance of exploitation in next 30 days
EPSS score — higher than 45% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Gitlab

References (4)

Vendor Advisory https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-relea...
Broken Link https://gitlab.com/gitlab-org/gitlab-ce/issues/53072
Vendor Advisory https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-relea...
Broken Link https://gitlab.com/gitlab-org/gitlab-ce/issues/53072
57
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 18/34 · Moderate
Exposure 7/34 · Low