An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API.
An issue has been discovered in GitLab CE/EE affecting all previous versions If the victim is an admin, it was possible to issue a cross-site request forgery (CSRF) in System hooks through the API The issue is fixed in GitLab versions 13101, 1395 and 1387 ...