Note:
This project will be discontinued after December 13, 2021. [more]
2020-03-10
An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integration was vulnerable to an SSRF vulnerability which allowed an attacker to make requests to local network resources. It has Incorrect Access Control.
| Products | Gitlab |
| Type | Server-Side Request Forgery (SSRF) (CWE-918) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://about.gitlab.com/blog/categories/releases/
• https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/ |