CVE-2018-19571
GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.
Affected products
n/a · n/a
Public PoCs found — 7
github · github.com/Algafix/gitlab-RCE-11.4.7 · ★ 3
github · github.com/xenophil90/edb-49263-fixed · ★ 0
github · github.com/CS4239-U6/gitlab-ssrf · ★ 0
cve_reference · packetstormsecurity.com/files/160699/GitLab-11.4.7-Remote-Code-Execution.html · unverified
cve_reference · packetstormsecurity.com/files/160516/GitLab-11.4.7-Remote-Code-Execution.html · unverified
exploitdb · www.exploit-db.com/exploits/49334 · unverified
exploitdb · www.exploit-db.com/exploits/49257 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/160516/GitLab-11.4.7-Remote-Code-Execution.html
http://packetstormsecurity.com/files/160699/GitLab-11.4.7-Remote-Code-Execution.html
https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
https://gitlab.com/gitlab-org/gitlab-ce/issues/53242