CVE-2018-16049
First published: Wed Oct 03 2018(Updated: )
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=8.10.0<11.0.6 | |
| GitLab | >=8.10.0<11.0.6 | |
| GitLab | >=11.1.0<11.1.5 | |
| GitLab | >=11.1.0<11.1.5 | |
| GitLab | >=11.2.0<11.2.2 | |
| GitLab | >=11.2.0<11.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-16049?
CVE-2018-16049 has a medium severity rating due to its potential for sensitive data disclosure.
How do I fix CVE-2018-16049?
To fix CVE-2018-16049, upgrade GitLab Community or Enterprise Edition to version 11.0.6, 11.1.5, or 11.2.2 or later.
Which versions of GitLab are affected by CVE-2018-16049?
CVE-2018-16049 affects GitLab versions before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2.
What kind of data can be exposed due to CVE-2018-16049?
CVE-2018-16049 may lead to the exposure of sensitive data through Sidekiq logs.
Is CVE-2018-16049 related to GitLab Community and Enterprise Editions?
Yes, CVE-2018-16049 affects both GitLab Community and Enterprise Editions.
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/8.10.0
- version/gitlab/11.1.0
- version/gitlab/11.2.0