CVE-2018-14602

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-14602
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14602.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-14602
Related
Published
2018-07-27T02:29:00.297Z
Modified
2026-04-10T04:05:56.391313Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
075705a5f3bd9748d92cf48073bfe9e79b58f385
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
075705a5f3bd9748d92cf48073bfe9e79b58f385
Introduced
c6f72ac9a88521257991aa9a0cc6d558126f5bb9
Fixed
d139d2241939f6a945ebc81b27d7f2cd00ba3aca
Introduced
c6f72ac9a88521257991aa9a0cc6d558126f5bb9
Fixed
d139d2241939f6a945ebc81b27d7f2cd00ba3aca
Introduced
7c11ed8c916a10f6d9c32635986008b48410531f
Fixed
f5babb0352010860e6ba0ee4bc73d4d78efb01c4
Introduced
7c11ed8c916a10f6d9c32635986008b48410531f
Fixed
f5babb0352010860e6ba0ee4bc73d4d78efb01c4
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "10.8.7"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "10.8.7"
        },
        {
            "introduced": "11.0.0"
        },
        {
            "fixed": "11.0.5"
        },
        {
            "introduced": "11.0.0"
        },
        {
            "fixed": "11.0.5"
        },
        {
            "introduced": "11.1.0"
        },
        {
            "fixed": "11.1.2"
        },
        {
            "introduced": "11.1.0"
        },
        {
            "fixed": "11.1.2"
        }
    ]
}

Affected versions

v1.*
v1.2.0
v1.2.0pre
v1.2.1
v1.2.2
v10.*
v10.8.0-ee
v10.8.0-rc1-ee
v10.8.0-rc10-ee
v10.8.0-rc11-ee
v10.8.0-rc12-ee
v10.8.0-rc13-ee
v10.8.0-rc2-ee
v10.8.0-rc3-ee
v10.8.0-rc4-ee
v10.8.0-rc5-ee
v10.8.0-rc6-ee
v10.8.0-rc7-ee
v10.8.0-rc8-ee
v10.8.0-rc9-ee
v10.8.1-ee
v10.8.2-ee
v10.8.3-ee
v10.8.4-ee
v10.8.5-ee
v10.8.6-ee
v11.*
v11.0.0-ee
v11.0.0-rc1-ee
v11.0.0-rc10-ee
v11.0.0-rc11-ee
v11.0.0-rc12-ee
v11.0.0-rc13-ee
v11.0.0-rc14-ee
v11.0.0-rc2-ee
v11.0.0-rc3-ee
v11.0.0-rc4-ee
v11.0.0-rc5-ee
v11.0.0-rc6-ee
v11.0.0-rc7-ee
v11.0.0-rc8-ee
v11.0.0-rc9-ee
v11.0.1-ee
v11.0.2-ee
v11.0.3-ee
v11.0.4-ee
v11.1.0-ee
v11.1.0-rc1-ee
v11.1.0-rc10-ee
v11.1.0-rc11-ee
v11.1.0-rc12-ee
v11.1.0-rc13-ee
v11.1.0-rc14-ee
v11.1.0-rc2-ee
v11.1.0-rc3-ee
v11.1.0-rc4-ee
v11.1.0-rc5-ee
v11.1.0-rc6-ee
v11.1.0-rc7-ee
v11.1.0-rc8-ee
v11.1.0-rc9-ee
v11.1.1-ee
v2.*
v2.3.0
v2.3.0pre
v2.3.1
v2.4.0
v2.4.0pre
v2.4.1
v2.5.0
v2.6.0
v2.6.0pre
v2.6.1
v2.6.2
v2.6.3
v2.7.0
v2.7.0pre
v2.8.0
v2.8.0pre
v2.8.1
v2.8.2
v2.9.0
v2.9.1
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.1.0
v4.*
v4.0.0
v4.0.0rc1
v4.0.0rc2
v5.*
v5.0.0
v5.1.0
v5.2.0
v6.*
v6.0.0-ee
v6.0.0-ee.beta
v6.0.0-ee.rc1
v6.1.0-ee
v6.3.0-ee
v6.3.1-ee
v6.4.0-ee
v6.5.0-ee
v6.6.0-ee
v6.7.0-ee
v6.7.0.rc1-ee
v6.8.0-ee
v7.*
v7.0.0-ee
v7.1.0-ee
v7.1.0.rc1-ee
v7.2.0.rc1-ee
v7.2.0.rc2-ee
v7.2.0.rc3-ee
v7.2.0.rc4-ee
v7.2.0.rc5-ee
v7.3.0-ee
v7.3.0.rc1-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14602.json"