CVE-2018-18644

Name
CVE-2018-18644
Description
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a GitLab Prometheus integration.
NVD Severity
medium

References

| Type | URI |
| --- | --- |
| Exploit | https://gitlab.com/gitlab-org/gitlab-ee/issues/7528 |
| Vendor Advisory | https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/ |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | gitlab | >= 11.4.0 | < 11.4.3 |
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | gitlab | >= 11.2.0 | < 11.2.7 |
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* | gitlab | >= 11.3.0 | < 11.3.8 |

Vulnerable and fixed packages

Source package Branch Version Maintainer Status