CVE-2018-19495

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-19495

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19495.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-19495

Related

CGA-rqrv-hcjw-2629

Published

2019-07-10T15:15:11.993Z

Modified

2026-04-10T04:08:49.612426Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

Fixed

97bf583178874e2617c347c33ca30b9b33b97402

Introduced

Fixed

97bf583178874e2617c347c33ca30b9b33b97402

Introduced

cfe266cbac3c5d413e9c061fff420630e517005f

Fixed

966cce5bfe657c7676dcc02125bb89bd3f067887

Introduced

cfe266cbac3c5d413e9c061fff420630e517005f

Fixed

966cce5bfe657c7676dcc02125bb89bd3f067887

Introduced

cb71fca38c3de0c212685f97a46ee8426f63d301

Fixed

cab68f5d2035026e5e29ef68b79fdfe5ca90f947

Introduced

cb71fca38c3de0c212685f97a46ee8426f63d301

Fixed

cab68f5d2035026e5e29ef68b79fdfe5ca90f947

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "11.3.11"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "11.3.11"
        },
        {
            "introduced": "11.4.0"
        },
        {
            "fixed": "11.4.8"
        },
        {
            "introduced": "11.4.0"
        },
        {
            "fixed": "11.4.8"
        },
        {
            "introduced": "11.5.0"
        },
        {
            "fixed": "11.5.1"
        },
        {
            "introduced": "11.5.0"
        },
        {
            "fixed": "11.5.1"
        }
    ]
}

Affected versions

v1.*

v1.2.0

v1.2.0pre

v1.2.1

v1.2.2

v11.*

v11.3.0-ee

v11.3.0-rc1-ee

v11.3.0-rc10-ee

v11.3.0-rc11-ee

v11.3.0-rc2-ee

v11.3.0-rc3-ee

v11.3.0-rc4-ee

v11.3.0-rc5-ee

v11.3.0-rc6-ee

v11.3.0-rc7-ee

v11.3.0-rc8-ee

v11.3.0-rc9-ee

v11.4.0-rc1-ee

v11.4.0-rc2-ee

v11.4.0-rc3-ee

v11.5.0-ee

v2.*

v2.3.0

v2.3.0pre

v2.3.1

v2.4.0

v2.4.0pre

v2.4.1

v2.5.0

v2.6.0

v2.6.0pre

v2.6.1

v2.6.2

v2.6.3

v2.7.0

v2.7.0pre

v2.8.0

v2.8.0pre

v2.8.1

v2.8.2

v2.9.0

v2.9.1

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.1.0

v4.*

v4.0.0

v4.0.0rc1

v4.0.0rc2

v5.*

v5.0.0

v5.1.0

v5.2.0

v6.*

v6.0.0-ee

v6.0.0-ee.beta

v6.0.0-ee.rc1

v6.1.0-ee

v6.3.0-ee

v6.3.1-ee

v6.4.0-ee

v6.5.0-ee

v6.6.0-ee

v6.7.0-ee

v6.7.0.rc1-ee

v6.8.0-ee

v7.*

v7.0.0-ee

v7.1.0-ee

v7.1.0.rc1-ee

v7.2.0.rc1-ee

v7.2.0.rc2-ee

v7.2.0.rc3-ee

v7.2.0.rc4-ee

v7.2.0.rc5-ee

v7.3.0-ee

v7.3.0.rc1-ee

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19495.json"