VulnerableCode Package Details - pkg:alpm/archlinux/gitlab@11.4.0-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-237a-hwkp-47ep Aliases: CVE-2018-18648	An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through an Error Message.	11.4.3-1 Affected by 0 other vulnerabilities.
VCID-4nq8-46us-fqdx Aliases: CVE-2018-18643	GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS.	11.4.3-1 Affected by 0 other vulnerabilities.
VCID-818r-vkyn-dfg3 Aliases: CVE-2018-18646	An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF.	11.4.3-1 Affected by 0 other vulnerabilities.
VCID-b892-qn91-h7aa Aliases: CVE-2018-18645	An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies.	11.4.3-1 Affected by 0 other vulnerabilities.
VCID-de67-fg42-33fc Aliases: CVE-2018-18642	An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS.	11.4.3-2 Affected by 0 other vulnerabilities.
VCID-j3h8-a8dz-nbc3 Aliases: CVE-2018-18649	An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution.	11.4.3-1 Affected by 0 other vulnerabilities.
VCID-mwwz-cchk-xqef Aliases: CVE-2018-18843	The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF.	11.4.3-2 Affected by 0 other vulnerabilities.
VCID-nm3h-6p78-skgt Aliases: CVE-2018-18644	An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration.	11.4.3-2 Affected by 0 other vulnerabilities.
VCID-pkf7-7s21-17a8 Aliases: CVE-2018-18640	An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching.	11.4.3-1 Affected by 0 other vulnerabilities.
VCID-tnfb-sr49-ykhd Aliases: CVE-2018-18647	An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Missing Authorization.	11.4.3-2 Affected by 0 other vulnerabilities.
VCID-vybv-n2a8-qugs Aliases: CVE-2018-18641	An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information.	11.4.3-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-237a-hwkp-47ep
Aliases:
CVE-2018-18648

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through an Error Message.

11.4.3-1
Affected by 0 other vulnerabilities.

VCID-4nq8-46us-fqdx
Aliases:
CVE-2018-18643

GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 have Persistent XSS.

11.4.3-1
Affected by 0 other vulnerabilities.

VCID-818r-vkyn-dfg3
Aliases:
CVE-2018-18646

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF.

11.4.3-1
Affected by 0 other vulnerabilities.

VCID-b892-qn91-h7aa
Aliases:
CVE-2018-18645

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies.

11.4.3-1
Affected by 0 other vulnerabilities.

VCID-de67-fg42-33fc
Aliases:
CVE-2018-18642

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has XSS.

11.4.3-2
Affected by 0 other vulnerabilities.

VCID-j3h8-a8dz-nbc3
Aliases:
CVE-2018-18649

An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution.

11.4.3-1
Affected by 0 other vulnerabilities.

VCID-mwwz-cchk-xqef
Aliases:
CVE-2018-18843

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSRF.

11.4.3-2
Affected by 0 other vulnerabilities.

VCID-nm3h-6p78-skgt
Aliases:
CVE-2018-18644

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows Information Exposure via a Gitlab Prometheus integration.

11.4.3-2
Affected by 0 other vulnerabilities.

VCID-pkf7-7s21-17a8
Aliases:
CVE-2018-18640

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through Browser Caching.

11.4.3-1
Affected by 0 other vulnerabilities.

VCID-tnfb-sr49-ykhd
Aliases:
CVE-2018-18647

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Missing Authorization.

11.4.3-2
Affected by 0 other vulnerabilities.

VCID-vybv-n2a8-qugs
Aliases:
CVE-2018-18641

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Cleartext Storage of Sensitive Information.

11.4.3-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:26:00.708858+00:00	Arch Linux Importer	Affected by	VCID-de67-fg42-33fc	https://security.archlinux.org/AVG-802	38.0.0
2026-04-01T18:26:00.685442+00:00	Arch Linux Importer	Affected by	VCID-nm3h-6p78-skgt	https://security.archlinux.org/AVG-802	38.0.0
2026-04-01T18:26:00.657107+00:00	Arch Linux Importer	Affected by	VCID-tnfb-sr49-ykhd	https://security.archlinux.org/AVG-802	38.0.0
2026-04-01T18:26:00.627386+00:00	Arch Linux Importer	Affected by	VCID-mwwz-cchk-xqef	https://security.archlinux.org/AVG-802	38.0.0
2026-04-01T18:24:33.815475+00:00	Arch Linux Importer	Affected by	VCID-pkf7-7s21-17a8	https://security.archlinux.org/AVG-794	38.0.0
2026-04-01T18:24:33.791651+00:00	Arch Linux Importer	Affected by	VCID-vybv-n2a8-qugs	https://security.archlinux.org/AVG-794	38.0.0
2026-04-01T18:24:33.767246+00:00	Arch Linux Importer	Affected by	VCID-4nq8-46us-fqdx	https://security.archlinux.org/AVG-794	38.0.0
2026-04-01T18:24:33.740142+00:00	Arch Linux Importer	Affected by	VCID-b892-qn91-h7aa	https://security.archlinux.org/AVG-794	38.0.0
2026-04-01T18:24:33.715303+00:00	Arch Linux Importer	Affected by	VCID-818r-vkyn-dfg3	https://security.archlinux.org/AVG-794	38.0.0
2026-04-01T18:24:33.691783+00:00	Arch Linux Importer	Affected by	VCID-237a-hwkp-47ep	https://security.archlinux.org/AVG-794	38.0.0
2026-04-01T18:24:33.667941+00:00	Arch Linux Importer	Affected by	VCID-j3h8-a8dz-nbc3	https://security.archlinux.org/AVG-794	38.0.0