CVE-2018-18645

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-18645

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18645.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-18645

Downstream

UBUNTU-CVE-2018-18645

Published

2018-12-04T23:29:00.617Z

Modified

2025-11-20T11:32:40.752956Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d8c4fbccad2c28592750ca414044eca41cbc3a33

Affected versions

v1.*

v1.0.2

v1.1.0pre

v1.2.0

v1.2.0pre

v1.2.1

v1.2.2

v10.*

v10.1.0.pre

v10.2.0.pre

v10.3.0.pre

v10.4.0.pre

v10.5.0.pre

v10.6.0.pre

v10.7.0.pre

v10.8.0.pre

v10.9.0.pre

v11.*

v11.0.0.pre

v11.1.0.pre

v11.2.0

v11.2.0-ee

v11.2.0-rc1-ee

v11.2.0-rc10

v11.2.0-rc10-ee

v11.2.0-rc2

v11.2.0-rc2-ee

v11.2.0-rc3

v11.2.0-rc3-ee

v11.2.0-rc4-ee

v11.2.0-rc5

v11.2.0-rc5-ee

v11.2.0-rc6

v11.2.0-rc6-ee

v11.2.0-rc7

v11.2.0-rc7-ee

v11.2.0-rc8

v11.2.0-rc8-ee

v11.2.0-rc9

v11.2.0-rc9-ee

v11.2.0.pre

v11.2.1

v11.2.1-ee

v11.2.2

v11.2.2-ee

v11.2.3-ee

v11.2.4-ee

v11.2.5-ee

v11.2.6-ee

v2.*

v2.0.0

v2.1.0

v2.2.0

v2.2.0pre

v2.3.0

v2.3.0pre

v2.3.1

v2.4.0

v2.4.0pre

v2.4.1

v2.5.0

v2.6.0

v2.6.0pre

v2.6.1

v2.6.2

v2.6.3

v2.7.0

v2.7.0pre

v2.8.0

v2.8.0pre

v2.8.1

v2.8.2

v2.9.0

v2.9.1

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.1.0

v4.*

v4.0.0

v4.0.0rc1

v4.0.0rc2

v5.*

v5.0.0

v5.1.0

v5.2.0

v5.3.0

v6.*

v6.0.0

v6.0.0-ee

v6.0.0-ee.beta

v6.0.0-ee.rc1

v6.1.0-ee

v6.2.0

v6.2.1

v6.2.2

v6.3.0

v6.3.0-ee

v6.3.1-ee

v6.4.0

v6.4.0-ee

v6.4.0.pre1

v6.4.0.pre2

v6.4.0.pre3

v6.4.1

v6.4.2

v6.4.3

v6.5.0

v6.5.0-ee

v6.5.0.rc1

v6.5.1

v6.6.0

v6.6.0-ee

v6.6.0.pre1

v6.6.0.rc1

v6.6.1

v6.6.2

v6.7.0-ee

v6.7.0.rc1

v6.7.0.rc1-ee

v6.7.1

v6.7.2

v6.8.0

v6.8.0-ee

v6.8.0.rc1

v6.8.1

v6.9.0.rc1

v7.*

v7.0.0

v7.0.0-ee

v7.0.0.rc1

v7.1.0

v7.1.0-ee

v7.1.0.rc1

v7.1.0.rc1-ee

v7.2.0.rc1

v7.2.0.rc1-ee

v7.2.0.rc2

v7.2.0.rc2-ee

v7.2.0.rc3

v7.2.0.rc3-ee

v7.2.0.rc4

v7.2.0.rc4-ee

v7.2.0.rc5

v7.2.0.rc5-ee

v7.3.0

v7.3.0-ee

v7.3.0.rc1

v7.3.0.rc1-ee

v7.4.0

v7.4.0-ee

v7.4.1

v7.4.1-ee

v7.4.2

v7.4.2-ee

v7.4.3

v7.4.3-ee

v7.4.4-ee

v8.*

v8.10.0.pre

v8.11.0

v8.11.0-ee

v8.11.0-rc1

v8.11.0-rc1-ee

v8.11.0-rc2

v8.11.0-rc2-ee

v8.11.0-rc3

v8.11.0-rc3-ee

v8.11.0-rc4

v8.11.0-rc4-ee

v8.11.0-rc5

v8.11.0-rc5-ee

v8.11.0-rc6

v8.11.0-rc6-ee

v8.11.0-rc7

v8.11.0-rc7-ee

v8.11.0.pre

v8.11.1

v8.12.0

v8.12.0-ee

v8.12.0-rc1

v8.12.0-rc1-ee

v8.12.0-rc2

v8.12.0-rc2-ee

v8.12.0-rc3

v8.12.0-rc3-ee

v8.12.0-rc4

v8.12.0-rc4-ee

v8.12.0-rc5

v8.12.0-rc5-ee

v8.12.0-rc6

v8.12.0-rc6-ee

v8.12.0-rc7

v8.12.0-rc7-ee

v8.12.0.pre

v8.12.1

v8.12.1-ee

v8.12.2

v8.12.2-ee

v8.12.3-ee

v8.13.0.pre

v8.14.0.pre

v8.15.0.pre

v8.16.0.pre

v8.17.0.pre

v8.18.0.pre

v8.2.0-ee

v8.2.0.rc1

v8.2.0.rc1-ee

v8.2.0.rc2

v8.2.0.rc2-ee

v8.4.0.rc1

v8.8.0

v8.8.0-ee

v8.8.0-rc1

v8.8.0-rc1-ee

v8.8.0-rc2

v8.8.0-rc2-ee

v8.8.1-ee

v9.*

v9.1.0.pre

v9.2.0.pre

v9.3.0.pre

v9.5.0.pre

v9.6.0.pre

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18645.json"