CVE-2018-14603: CSRF
First published: Fri Jul 27 2018(Updated: )
An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | <10.8.7 | |
| GitLab | <10.8.7 | |
| GitLab | >=11.0.0<11.0.5 | |
| GitLab | >=11.0.0<11.0.5 | |
| GitLab | >=11.1.0<11.1.2 | |
| GitLab | >=11.1.0<11.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-14603?
CVE-2018-14603 has a medium severity rating due to the potential for CSRF attacks in GitLab.
How do I fix CVE-2018-14603?
To fix CVE-2018-14603, update GitLab to version 10.8.7, 11.0.5, or 11.1.2 or later.
What components are affected by CVE-2018-14603?
CVE-2018-14603 affects the System Hooks component in GitLab's Test feature.
In which versions of GitLab is CVE-2018-14603 present?
CVE-2018-14603 is present in GitLab versions prior to 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2.
What types of GitLab editions are affected by CVE-2018-14603?
Both the Community and Enterprise Editions of GitLab are affected by CVE-2018-14603.
- agent/type
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/11.0.0
- version/gitlab/11.1.0