An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6.
CVSS Score
5.4
EPSS Score
0.001
Published
2019-09-09
An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
CVSS Score
3.5
EPSS Score
0.001
Published
2019-09-09
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.1.4. It uses Hard-coded Credentials.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-08-29
Page 51