Felipe Cardozo

**Name of the Vulnerable Software and Affected Versions** GitLab Community and Enterprise Edition versions 8.14 through 12.2.1 **Description** An issue was discovered in the Jira integration, which contains a Server-Side Request Forgery (SSRF) vulnerability. This vulnerability is a result of a bypass of the current protection mechanisms against this type of attack. It would allow sending requests to any resources accessible in the local network by the GitLab server. **Recommendations** For GitLab Community and Enterprise Edition versions 8.14 through 12.2.1, consider disabling the Jira integration as a temporary workaround until a patch is available. Restrict access to the Jira integration module to minimize the risk of exploitation.