CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-12605

An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 19.9%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
https://gitlab.com/gitlab-org/gitlab-ce/issues/45168
https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
https://gitlab.com/gitlab-org/gitlab-ce/issues/45168

Products affected by CVE-2018-12605

Gitlab » Gitlab » Version: 10.7.0

cpe:2.3:a:gitlab:gitlab:10.7.0
Gitlab » Gitlab » Version: 10.7.1

cpe:2.3:a:gitlab:gitlab:10.7.1
Gitlab » Gitlab » Version: 10.7.2

cpe:2.3:a:gitlab:gitlab:10.7.2
Gitlab » Gitlab » Version: 10.7.3

cpe:2.3:a:gitlab:gitlab:10.7.3
Gitlab » Gitlab » Version: 10.7.4

cpe:2.3:a:gitlab:gitlab:10.7.4
Gitlab » Gitlab » Version: 10.7.5

cpe:2.3:a:gitlab:gitlab:10.7.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-12605

Products

Pricing

Contact Us