CVE-2018-18643

Name: CVE-2018-18643
Description: GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS.
NVD Severity: medium

References

Type             URI
Patch            https://gitlab.com/gitlab-org/gitlab-ce/issues/53385
Vendor Advisory  https://about.gitlab.com/blog/categories/releases/
Vendor Advisory  https://about.gitlab.com/2018/11/19/critical-security-release-gitlab-11-dot-4-dot-6-released/

Match rules

CPE URI                                                Source package  Min version  Max version
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*        gitlab          >= 11.4.0    < 11.4.6
cpe:2.3:a:gitlab:gitlab:11.5.0:-:*:*:enterprise:*:*:*  gitlab          == None      == 11.5.0
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*       gitlab          >= 11.3.0    < 11.3.10
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*       gitlab          >= None      <= 11.2.0
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*       gitlab          >= 11.4.7    <= 11.4.9

Vulnerable and fixed packages

Source package Branch Version Maintainer Status