When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited.
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited.
https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/ https://gitlab.com/gitlab-org/gitlab/-/issues/322926 https://hackerone.com/reports/1110131