CVE-2018-17450

MEDIUM Year: 2018
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP service token.

Related Vulnerabilities

CVE-2017-15029

MEDIUM
CVSS:4.3(Medium)

Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.

CWE-9182017

CVE-2017-18036

MEDIUM
CVSS:4.3(Medium)

The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Requ...

CWE-9182017

CVE-2018-1000185

MEDIUM
CVSS:4.3(Medium)

A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET...

CWE-9182018

CVE-2018-1999039

MEDIUM
CVSS:4.3(Medium)

A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an att...

CWE-9182018

CVE-2019-1003020

MEDIUM
CVSS:4.3(Medium)

A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET ...

CWE-9182019

CVE-2019-1003026

MEDIUM
CVSS:4.3(Medium)

A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jen...

CWE-9182019