vulnerability
Gitlab Gitlab: CVE-2018-19571: Server-Side Request Forgery (SSRF)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Jul 10, 2019 | Apr 22, 2025 | Sep 18, 2025 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
Jul 10, 2019
Added
Apr 22, 2025
Modified
Sep 18, 2025
Description
GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.
Solution
gitlab-gitlab-upgrade-latest
References
- CWE-918
- CVE-2018-19571
- https://attackerkb.com/topics/CVE-2018-19571
- URL-http://packetstormsecurity.com/files/160516/GitLab-11.4.7-Remote-Code-Execution.html
- URL-http://packetstormsecurity.com/files/160699/GitLab-11.4.7-Remote-Code-Execution.html
- URL-https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
- URL-https://gitlab.com/gitlab-org/gitlab-ce/issues/53242
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.