CVE-2018-14364

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-14364

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14364.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-14364

Related

CGA-vj53-p49q-9gw6

Published

2018-07-18T19:29:00.213Z

Modified

2026-04-10T04:05:50.145168Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

Fixed

ba3d9cf06aa7f2e77362ec32dd43f04ae1c6608c

Introduced

Fixed

ba3d9cf06aa7f2e77362ec32dd43f04ae1c6608c

Introduced

342f33beb2ce090cfabfd0a5e7327b78d04588bb

Fixed

6b5c78f6ca15386fd084425daaefb299412c9adc

Introduced

342f33beb2ce090cfabfd0a5e7327b78d04588bb

Fixed

6b5c78f6ca15386fd084425daaefb299412c9adc

Introduced

c6f72ac9a88521257991aa9a0cc6d558126f5bb9

Fixed

3350cd6004d8e80c55af990a1b5ccd60a6bf5350

Introduced

c6f72ac9a88521257991aa9a0cc6d558126f5bb9

Fixed

3350cd6004d8e80c55af990a1b5ccd60a6bf5350

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "10.7.7"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "10.7.7"
        },
        {
            "introduced": "10.8.0"
        },
        {
            "fixed": "10.8.6"
        },
        {
            "introduced": "10.8.0"
        },
        {
            "fixed": "10.8.6"
        },
        {
            "introduced": "11.0"
        },
        {
            "fixed": "11.0.4"
        },
        {
            "introduced": "11.0"
        },
        {
            "fixed": "11.0.4"
        }
    ]
}

Affected versions

v1.*

v1.2.0

v1.2.0pre

v1.2.1

v1.2.2

v10.*

v10.7.0-ee

v10.7.0-rc1-ee

v10.7.0-rc2-ee

v10.7.0-rc3-ee

v10.7.0-rc4-ee

v10.7.0-rc5-ee

v10.7.0-rc6-ee

v10.7.0-rc7-ee

v10.7.1-ee

v10.7.2-ee

v10.7.3-ee

v10.7.4-ee

v10.7.5-ee

v10.7.6-ee

v10.8.0-ee

v10.8.0-rc1-ee

v10.8.0-rc10-ee

v10.8.0-rc11-ee

v10.8.0-rc12-ee

v10.8.0-rc13-ee

v10.8.0-rc2-ee

v10.8.0-rc3-ee

v10.8.0-rc4-ee

v10.8.0-rc5-ee

v10.8.0-rc6-ee

v10.8.0-rc7-ee

v10.8.0-rc8-ee

v10.8.0-rc9-ee

v10.8.1-ee

v10.8.2-ee

v10.8.3-ee

v10.8.4-ee

v10.8.5-ee

v11.*

v11.0.0-ee

v11.0.0-rc1-ee

v11.0.0-rc10-ee

v11.0.0-rc11-ee

v11.0.0-rc12-ee

v11.0.0-rc13-ee

v11.0.0-rc14-ee

v11.0.0-rc2-ee

v11.0.0-rc3-ee

v11.0.0-rc4-ee

v11.0.0-rc5-ee

v11.0.0-rc6-ee

v11.0.0-rc7-ee

v11.0.0-rc8-ee

v11.0.0-rc9-ee

v11.0.1-ee

v11.0.2-ee

v11.0.3-ee

v2.*

v2.3.0

v2.3.0pre

v2.3.1

v2.4.0

v2.4.0pre

v2.4.1

v2.5.0

v2.6.0

v2.6.0pre

v2.6.1

v2.6.2

v2.6.3

v2.7.0

v2.7.0pre

v2.8.0

v2.8.0pre

v2.8.1

v2.8.2

v2.9.0

v2.9.1

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.1.0

v4.*

v4.0.0

v4.0.0rc1

v4.0.0rc2

v5.*

v5.0.0

v5.1.0

v5.2.0

v6.*

v6.0.0-ee

v6.0.0-ee.beta

v6.0.0-ee.rc1

v6.1.0-ee

v6.3.0-ee

v6.3.1-ee

v6.4.0-ee

v6.5.0-ee

v6.6.0-ee

v6.7.0-ee

v6.7.0.rc1-ee

v6.8.0-ee

v7.*

v7.0.0-ee

v7.1.0-ee

v7.1.0.rc1-ee

v7.2.0.rc1-ee

v7.2.0.rc2-ee

v7.2.0.rc3-ee

v7.2.0.rc4-ee

v7.2.0.rc5-ee

v7.3.0-ee

v7.3.0.rc1-ee

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14364.json"