Executive Summary

GitLab Community and Enterprise Editions contain a server-side request forgery (SSRF) vulnerability that could allow unauthorized external users to make server-side requests via the CI Lint API.

CVSS Score: 9.0/10.0
Severity: CRITICAL

Affected Systems

  • GitLab Community and Enterprise Editions

Detection & Mitigation

  • Apply vendor patches as soon as available
  • Monitor for indicators of compromise
  • Review vendor advisories for specific guidance

References