CVE-2018-14364: Path Traversal
First published: Wed Jul 18 2018(Updated: )
GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | <10.7.7 | |
| GitLab | <10.7.7 | |
| GitLab | >=10.8.0<10.8.6 | |
| GitLab | >=10.8.0<10.8.6 | |
| GitLab | >=11.0<11.0.4 | |
| GitLab | >=11.0<11.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-14364?
CVE-2018-14364 is classified as a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2018-14364?
To fix CVE-2018-14364, upgrade GitLab to version 10.7.7 or later, or to version 10.8.6 or later for 10.8.x, or 11.0.4 or later for 11.x.
Which GitLab versions are affected by CVE-2018-14364?
CVE-2018-14364 affects GitLab Community and Enterprise Editions before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4.
What type of vulnerability is CVE-2018-14364?
CVE-2018-14364 is a directory traversal vulnerability that allows write access and potential remote code execution.
Is CVE-2018-14364 specific to certain GitLab editions?
Yes, CVE-2018-14364 affects both the GitLab Community and Enterprise Editions.
- agent/type
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/10.8.0
- version/gitlab/11.0