CVE-2018-17452
📋 TL;DR
This Server-Side Request Forgery (SSRF) vulnerability in GitLab allows an attacker to make the GitLab server send HTTP requests to internal network services via loopback addresses. It affects GitLab Community Edition and Enterprise Edition versions before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1, potentially exposing internal services to unauthorized access.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive internal services, exfiltrate data, or pivot to other systems within the network, potentially leading to full network compromise.
Likely Case
Unauthorized access to internal services running on loopback interfaces, potentially exposing configuration data, credentials, or other sensitive information.
If Mitigated
Limited impact with proper network segmentation and access controls, though internal services remain at risk.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 11.1.7, 11.2.4, or 11.3.1
Vendor Advisory: https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
Restart Required: Yes
Instructions:
1. Back up your GitLab installation and database.
2. Update to GitLab 11.1.7, 11.2.4, or 11.3.1 using your package manager.
3. Restart GitLab services.
4. Verify the update was successful.
🔧 Temporary Workarounds
Network Segmentation
Restrict the GitLab server's network access to internal services using firewall rules.
🧯 If You Can't Patch
- Implement strict network access controls to limit GitLab server's ability to reach internal services
- Monitor for unusual outbound connections from GitLab to internal IP addresses
🔍 How to Verify
Check if Vulnerable:
Check the GitLab version via the admin interface or the command line. If the version is earlier than 11.1.7, is 11.2.x earlier than 11.2.4, or is 11.3.x earlier than 11.3.1, the system is vulnerable.
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'GitLab version'
Verify Fix Applied:
Confirm GitLab version is 11.1.7, 11.2.4, or 11.3.1 or later.
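The version check above involves three separate fixed releases, so a plain "is it older than X" comparison gets it wrong (11.1.8 is fixed, 11.3.0 is not). The following is an added example, not part of this advisory or of GitLab's own tooling, that applies the exact ranges listed above to a version string. The `gitlab-rake gitlab:env:info` output it parses is a constructed approximation of the real format and was not verified against a live install; the command itself is the one shown above.

```python
"""Added example: decide whether a GitLab version falls in the ranges this
advisory lists as vulnerable (before 11.1.7, 11.2.x before 11.2.4,
11.3.x before 11.3.1). Not GitLab's own code."""
import re
import sys

# First fixed release per affected branch (from the advisory).
FIXED_VERSIONS = {
    (11, 2): (11, 2, 4),
    (11, 3): (11, 3, 1),
}
# Every version below this, on any other branch, is vulnerable.
FIXED_BASELINE = (11, 1, 7)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

# Constructed sample output; the layout is an assumption, not captured from a real run.
SAMPLE_ENV_INFO = """\
System information
Ruby Version:   2.4.4p296
GitLab information
Version:        11.3.0-ee
"""


def parse_version(text):
    """'11.3.0-ee' -> (11, 3, 0); edition or rc suffixes are ignored."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())


def extract_version(env_info_output):
    """Pull the GitLab version out of captured `gitlab-rake gitlab:env:info` output.
    Only lines starting with 'Version:' or 'GitLab version:' count, so that
    'Ruby Version:' does not get picked up by mistake."""
    for line in env_info_output.splitlines():
        if re.match(r"(?:gitlab\s+)?version\s*:", line.strip(), re.IGNORECASE):
            return parse_version(line)
    raise ValueError("version line not found")


def is_vulnerable(version):
    """True when the version is inside one of the advisory's vulnerable ranges.
    Accepts either a version string or a (major, minor, patch) tuple."""
    v = version if isinstance(version, tuple) else parse_version(version)
    fixed = FIXED_VERSIONS.get(v[:2], FIXED_BASELINE)
    return v < fixed


if __name__ == "__main__":
    # Usage: sudo gitlab-rake gitlab:env:info | python3 check_cve_2018_17452.py
    found = extract_version(sys.stdin.read())
    state = "VULNERABLE" if is_vulnerable(found) else "not affected"
    print(f"GitLab {'.'.join(map(str, found))}: {state}")
```

Versions on branches newer than 11.3 (for example 11.4.0) fall through to the baseline comparison and correctly come out as not affected, since they are not below 11.1.7.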
📡 Detection & Monitoring
Log Indicators:
- Unusual outbound HTTP requests from GitLab to internal IP addresses
- Failed authentication attempts followed by SSRF attempts
Network Indicators:
- HTTP requests from GitLab server to internal services on loopback addresses
- Unusual traffic patterns from GitLab to non-standard ports
SIEM Query:
source="gitlab" AND (dest_ip=127.0.0.1 OR dest_ip=::1 OR dest_ip=localhost) AND http_request
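The SIEM query above matches the destination field against three literal strings, which misses other spellings of loopback such as an IPv4-mapped IPv6 address, and it does not cover the "internal IP on a non-standard port" indicator listed under Network Indicators. The following is an added example, not part of this advisory and not GitLab's code, that evaluates the same indicators over a set of constructed records. The record format (JSON lines with `source`, `dest_ip`, `dest_port`, `http_request` fields, mirroring the field names in the query) is an assumption standing in for whatever your SIEM exports.

```python
"""Added example: flag outbound HTTP requests from a GitLab host to loopback or
internal addresses, the indicators this advisory lists. Record layout is assumed."""
import ipaddress
import json

# Constructed sample records, not real traffic.
SAMPLE_RECORDS = """\
{"source": "gitlab", "dest_ip": "93.184.216.34", "dest_port": 443, "http_request": "GET /repo.git/info/refs"}
{"source": "gitlab", "dest_ip": "127.0.0.1", "dest_port": 8080, "http_request": "GET /"}
{"source": "gitlab", "dest_ip": "::1", "dest_port": 6379, "http_request": "GET /"}
{"source": "gitlab", "dest_ip": "::ffff:127.0.0.1", "dest_port": 9090, "http_request": "GET /metrics"}
{"source": "gitlab", "dest_ip": "localhost", "dest_port": 5432, "http_request": "GET /"}
{"source": "gitlab", "dest_ip": "10.0.0.15", "dest_port": 2375, "http_request": "GET /containers/json"}
{"source": "nginx", "dest_ip": "127.0.0.1", "dest_port": 8080, "http_request": "GET /"}
"""

# Ports where outbound HTTP from GitLab is expected (webhooks, mirrors).
STANDARD_HTTP_PORTS = {80, 443}


def classify_destination(dest_ip):
    """Return 'loopback', 'internal', 'external' or 'unknown' for a destination field.
    Uses the ipaddress module so that the whole 127.0.0.0/8 range, ::1 and
    IPv4-mapped forms like ::ffff:127.0.0.1 are all recognised, not just the
    three literals in the SIEM query."""
    if dest_ip.lower() == "localhost":
        return "loopback"
    try:
        addr = ipaddress.ip_address(dest_ip)
    except ValueError:
        # Other hostnames would need resolution against the host's resolver; not done here.
        return "unknown"
    mapped = getattr(addr, "ipv4_mapped", None)  # only IPv6Address has this attribute
    if mapped is not None:
        addr = mapped
    if addr.is_loopback:
        return "loopback"
    if addr.is_private or addr.is_link_local:
        return "internal"
    return "external"


def detect_ssrf_indicators(records_text, source="gitlab"):
    """Return a list of (severity, reason, record) for records that match the
    advisory's log and network indicators: any HTTP request from the GitLab
    source to a loopback address, or to an internal address on a non-standard port."""
    findings = []
    for line in records_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("source") != source or "http_request" not in rec:
            continue
        kind = classify_destination(str(rec.get("dest_ip", "")))
        port = rec.get("dest_port")
        if kind == "loopback":
            findings.append(("high", "HTTP request to loopback address", rec))
        elif kind == "internal" and port not in STANDARD_HTTP_PORTS:
            findings.append(("medium", "HTTP request to internal address on non-standard port", rec))
    return findings


if __name__ == "__main__":
    for severity, reason, rec in detect_ssrf_indicators(SAMPLE_RECORDS):
        print(f"[{severity}] {reason}: {rec['dest_ip']}:{rec['dest_port']} {rec['http_request']}")
```

On the sample above this produces four high-severity findings (the four loopback spellings) and one medium finding (10.0.0.15 on port 2375); the request from the `nginx` source is ignored because the indicator is specifically about requests originating from GitLab. Tune `STANDARD_HTTP_PORTS` and the `source` value to match your environment's legitimate webhook and mirror traffic before alerting on the medium-severity class.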