CVE-2018-10379

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2....

Basic Information

CVE State: PUBLISHED
Reserved Date: April 25, 2018
Published Date: May 31, 2018
Last Updated: August 05, 2024
Vendor: GitLab
Product: GitLab Community Edition (CE), GitLab Enterprise Edition (EE)
Description: An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability.

CVSS Scores

CVSS v2.0

4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Score

Score: 0.06% (Percentile: 19.69%) as of 2025-05-22

Exploit Status

Exploited in the Wild: Yes (2025-04-23 21:33:20 UTC) Source

References

https://about.gitlab.com/2018/04/30/security-release-gitlab-10-dot-7-dot-2-released/ http://www.securityfocus.com/bid/104491

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-04-23 21:33:20 UTC

Timeline

CVE ID Reserved

April 25, 2018
CVE Published to Public

May 31, 2018
Added to KEVIntel

April 23, 2025