CVE-2018-18649

High

9.8/10

Summary

An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

References

Advisory Timeline

Published Nov 29, 2018

CVE-2018-18649

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS