CVE-2018-18649: Gitlab Wiki API Remote Code Execution Vulnerability Alert
Recently, Gitlab officially released a security update notice that revealed a remote code execution vulnerability that could allow an attacker to gain direct access to the server.
The Gitlab Wiki API is a set of interfaces for creating, editing, listing, and deleting Gitlab project wiki pages. The API does not filter effectively when processing external input, causing an attacker to construct a specific malicious request and execute arbitrary code commands on the target server.
Affected version
- Affects GitLab CE/EE 11.3 and later.
Solution
Upgrade Gitlab CE/EE to the latest version, official upgrade guide link.
