|
| Description: | | An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution. The vulnerability is due to improper validation of parameters when uploading files to the Wiki repository via the Wiki API. |
|
| Impact: | | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. A remote, authenticated attacker can exploit the vulnerability by sending a crafted request to the target server. Successful exploitation could result in the execution of arbitrary code as the git user. |
|
| Affected OS: | | Network Device, Solaris, FreeBSD, Windows, Mac OS, iOS, Other Unix, Linux, Others, Android |
|
| Reference: | | https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
https://gitlab.com/gitlab-org/gitlab-ce/issues/53072
|
|