CVE-2018-18645

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-18645
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18645.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-18645
Downstream
Related
Published
2018-12-04T23:29:00.617Z
Modified
2026-04-10T04:07:16.869706Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d8c4fbccad2c28592750ca414044eca41cbc3a33
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d8c4fbccad2c28592750ca414044eca41cbc3a33
Introduced
1bbe39452664021af90851aef8527ce5e850343e
Fixed
877f8a6c235e9c4ee8c2b6d87e67fb905b1dbadd
Introduced
1bbe39452664021af90851aef8527ce5e850343e
Fixed
877f8a6c235e9c4ee8c2b6d87e67fb905b1dbadd
Introduced
cfe266cbac3c5d413e9c061fff420630e517005f
Fixed
dce6f33d6514170150fabdfd3b172071c0b73edd
Introduced
cfe266cbac3c5d413e9c061fff420630e517005f
Fixed
dce6f33d6514170150fabdfd3b172071c0b73edd
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "11.2.7"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "11.2.7"
        },
        {
            "introduced": "11.3.0"
        },
        {
            "fixed": "11.3.8"
        },
        {
            "introduced": "11.3.0"
        },
        {
            "fixed": "11.3.8"
        },
        {
            "introduced": "11.4.0"
        },
        {
            "fixed": "11.4.3"
        },
        {
            "introduced": "11.4.0"
        },
        {
            "fixed": "11.4.3"
        }
    ]
}

Affected versions

v1.*
v1.2.0
v1.2.0pre
v1.2.1
v1.2.2
v11.*
v11.2.0-ee
v11.2.0-rc1-ee
v11.2.0-rc10-ee
v11.2.0-rc2-ee
v11.2.0-rc3-ee
v11.2.0-rc4-ee
v11.2.0-rc5-ee
v11.2.0-rc6-ee
v11.2.0-rc7-ee
v11.2.0-rc8-ee
v11.2.0-rc9-ee
v11.2.1-ee
v11.2.2-ee
v11.2.3-ee
v11.2.4-ee
v11.2.5-ee
v11.2.6-ee
v11.3.0-ee
v11.3.0-rc1-ee
v11.3.0-rc10-ee
v11.3.0-rc11-ee
v11.3.0-rc2-ee
v11.3.0-rc3-ee
v11.3.0-rc4-ee
v11.3.0-rc5-ee
v11.3.0-rc6-ee
v11.3.0-rc7-ee
v11.3.0-rc8-ee
v11.3.0-rc9-ee
v11.3.1-ee
v11.3.2-ee
v11.3.3-ee
v11.3.4-ee
v11.3.5-ee
v11.3.6-ee
v11.3.7-ee
v11.4.0-ee
v11.4.1-ee
v11.4.2-ee
v2.*
v2.3.0
v2.3.0pre
v2.3.1
v2.4.0
v2.4.0pre
v2.4.1
v2.5.0
v2.6.0
v2.6.0pre
v2.6.1
v2.6.2
v2.6.3
v2.7.0
v2.7.0pre
v2.8.0
v2.8.0pre
v2.8.1
v2.8.2
v2.9.0
v2.9.1
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.1.0
v4.*
v4.0.0
v4.0.0rc1
v4.0.0rc2
v5.*
v5.0.0
v5.1.0
v5.2.0
v6.*
v6.0.0-ee
v6.0.0-ee.beta
v6.0.0-ee.rc1
v6.1.0-ee
v6.3.0-ee
v6.3.1-ee
v6.4.0-ee
v6.5.0-ee
v6.6.0-ee
v6.7.0-ee
v6.7.0.rc1-ee
v6.8.0-ee
v7.*
v7.0.0-ee
v7.1.0-ee
v7.1.0.rc1-ee
v7.2.0.rc1-ee
v7.2.0.rc2-ee
v7.2.0.rc3-ee
v7.2.0.rc4-ee
v7.2.0.rc5-ee
v7.3.0-ee
v7.3.0.rc1-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18645.json"