Published: 21/03/2018 Updated: 28/02/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gitlab gitlab
debian debian linux 9.0

Debian Bug report logs - #888508 gitlab: multiple CVEs from GitLab Security Release: 1034, 1026, and 1016 advisory Package: src:gitlab; Maintainer for src:gitlab is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fr ...

Several vulnerabilities have been discovered in Gitlab, a software platform to collaborate on code: CVE-2017-0915 / CVE-2018-3710 Arbitrary code execution in project import CVE-2017-0916 Command injection via Webhooks CVE-2017-0917 Cross-site scripting in CI job output CVE-2017-0918 Insufficient restriction of CI runner for proj ...

CWE-22 https://hackerone.com/reports/302959 https://gitlab.com/gitlab-org/gitlab-ce/issues/41757 https://gitlab.com/gitlab-com/infrastructure/issues/3510 https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/https://www.debian.org/security/2018/dsa-4145 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888508 https://nvd.nist.gov https://www.debian.org/security/./dsa-4145

CVE-2018-3710

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect