Gitlab · Gitlab · CVE-2021-22175
**Name of the Vulnerable Software and Affected Versions**
GitLab versions 10.5 and later
**Description**
GitLab contains a server-side request forgery (SSRF) vulnerability. When requests to the internal network for webhooks are enabled, an unauthenticated attacker can exploit it, even on a GitLab instance where registration is disabled. The vulnerability stems from insecure handling of requests and may allow an attacker to access confidential data and disrupt service.
**Recommendations**
GitLab versions 10.5 and later: Disable requests to the internal network for webhooks to mitigate the risk of server-side request forgery.
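As an added example, not part of this advisory and not GitLab's own code: a defender-side check of the kind the recommendation implies, which refuses webhook destinations that resolve to loopback, private, link-local or otherwise non-public addresses (it goes slightly beyond the page by also covering IPv4-mapped IPv6 literals and names that mix public and internal records). The `fake_resolver` helper and any hostnames or addresses used with it are constructed for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Shared/CGNAT space: not flagged by ipaddress's is_private, still not a public host.
EXTRA_BLOCKED = [ipaddress.ip_network("100.64.0.0/10")]

def is_internal_address(addr: str) -> bool:
    """True if addr is loopback, private, link-local or otherwise non-public."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so the IPv4 rules apply to it.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved
            or ip.is_unspecified or ip.is_multicast):
        return True
    return any(ip in net for net in EXTRA_BLOCKED)

def validate_webhook_url(url: str, resolve=socket.getaddrinfo):
    """Return (allowed, reason, addresses); `resolve` is injectable for offline tests."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed", []
    host = parts.hostname
    if not host:
        return False, "missing host", []
    port = parts.port or (443 if parts.scheme == "https" else 80)
    try:
        ipaddress.ip_address(host)  # literal IP: nothing to resolve
        addrs = [host]
    except ValueError:
        # Names (and odd literal forms such as 0x7f000001) go to the resolver.
        try:
            infos = resolve(host, port, proto=socket.IPPROTO_TCP)
        except socket.gaierror as exc:
            return False, f"dns failure: {exc}", []
        addrs = sorted({info[4][0] for info in infos})
    # Every record must be public: a name mixing public and internal records is
    # rejected, because the client may connect to either.
    for addr in addrs:
        if is_internal_address(addr):
            return False, f"resolves to internal address {addr}", addrs
    return True, "ok", addrs

def fake_resolver(records):
    """Constructed getaddrinfo stand-in backed by a {hostname: [address]} table."""
    def resolve(host, port, proto=0):
        if host not in records:
            raise socket.gaierror(-2, "Name or service not known")
        return [(socket.AF_INET, socket.SOCK_STREAM, proto, "", (a, port)) for a in records[host]]
    return resolve
```

The addresses are vetted at validation time, so the HTTP client that later delivers the webhook should connect to the vetted address rather than resolve the name a second time; otherwise a DNS answer that changes between the two lookups bypasses the check.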