GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-03-27
GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.
CVSS Score
9.8
EPSS Score
0.001
Published
2020-03-27
Page 45