ASA-2018-00038 – Gitlab: SSRF in Kubernetes integration


Allele Security Alert

ASA-2018-00038

Identifier(s)

ASA-2018-00038, CVE-2018-18843

Title

SSRF in Kubernetes integration

Vendor(s)

Gitlab

Product(s)

GitLab Enterprise Edition (EE)

Affected version(s)

GitLab EE 11.0 and later

Fixed version(s)

GitLab EE 11.4.4, 11.3.9, 11.2.8

Proof of concept

Unknown

Description

The GitLab Kubernetes integration was vulnerable to an SSRF issue that could allow an attacker to make requests to any internal URL.

Reference(s)

GitLab Critical Security Release: 11.4.4, 11.3.9, 11.2.8
https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot-4-dot-4-released/

CVE-2018-18843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18843

CVE-2018-18843
https://nvd.nist.gov/vuln/detail/CVE-2018-18843

If there is any error in this alert or you would like a comprehensive analysis, let us know.

Last modified: November 8, 2018

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.