CVE-2020-10980

Name of the Vulnerable Software and Affected Versions GitLab EE/CE versions 8.0.rc1 through 12.9

Description The issue is related to a blind Server-Side Request Forgery (SSRF) in the FogBugz integration. SSRF is a type of attack where an attacker can trick a server into making requests to internal or external systems, potentially leading to unauthorized access or information disclosure.

Recommendations For GitLab EE/CE versions 8.0.rc1 through 12.9, consider disabling the FogBugz integration as a temporary workaround until a patch is available. Restrict access to the FogBugz module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.