GitLab Community and Enterprise Edition 10.7.4 up to and including 12.4 have an open redirect in the InternalRedirect filtering feature.