vulnerability

FreeBSD: VID-065B3B72-C5AB-11E8-9AE2-001B217B3468 (CVE-2018-17453): Gitlab -- multiple vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Oct 1, 2018	Oct 2, 2018	Jan 28, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Oct 1, 2018

Added

Oct 2, 2018

Modified

Jan 28, 2025

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-065B3B72-C5AB-11E8-9AE2-001B217B3468:

Gitlab reports:

SSRF GCP access token disclosure

Persistent XSS on issue details

Diff formatter DoS in Sidekiq jobs

Confidential information disclosure in events API endpoint

validate_localhost function in url_blocker.rb could be bypassed

Slack integration CSRF Oauth2

GRPC::Unknown logging token disclosure

IDOR merge request approvals

Persistent XSS package.json

Persistent XSS merge request project import

Solution

freebsd-upgrade-package-gitlab-ce

References

NVD-CVE-2018-17453

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today