vulnerability

Gitlab Gitlab: CVE-2018-18644: Exposure of Sensitive Information to an Unauthorized Actor

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Dec 4, 2018

Added

Sep 18, 2025

Modified

Mar 25, 2026

Description

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration.

Solution

gitlab-gitlab-upgrade-latest

References

CWE-200
CVE-2018-18644
https://attackerkb.com/topics/CVE-2018-18644
https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
https://gitlab.com/gitlab-org/gitlab-ee/issues/7528
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-10360

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report