CVE-2018-3710

Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution.

Link	Resource
https://hackerone.com/reports/302959	Permissions Required
https://gitlab.com/gitlab-org/gitlab-ce/issues/41757	Vendor Advisory
https://gitlab.com/gitlab-com/infrastructure/issues/3510	Vendor Advisory
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/	Vendor Advisory
https://www.debian.org/security/2018/dsa-4145	Third Party Advisory

Configuration 1

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

---

Published : 2018-03-21 08:29

Updated : 2019-10-09 11:40

---

NVD link : CVE-2018-3710

Mitre link : CVE-2018-3710

No products.

CWE-22