An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Cross Site Request Forgery (CSRF) in the Slack integration for issuing slash commands.
References
Link | Resource |
---|---|
https://about.gitlab.com/blog/categories/releases/ | Release Notes |
https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
25 Apr 2023, 20:22
Type | Values Removed | Values Added |
---|---|---|
First Time |
Gitlab
Gitlab gitlab |
|
CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:11.3.0:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:11.3.0:*:*:*:enterprise:*:*:* |
|
CWE | CWE-352 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | (CONFIRM) https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ - Release Notes, Vendor Advisory | |
References | (MISC) https://about.gitlab.com/blog/categories/releases/ - Release Notes |
15 Apr 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-15 23:15
Updated : 2023-12-10 15:01
NVD link : CVE-2018-17451
Mitre link : CVE-2018-17451
CVE.ORG link : CVE-2018-17451
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-352
Cross-Site Request Forgery (CSRF)