CVE-2019-12442

Name of the Vulnerable Software and Affected Versions: GitLab Enterprise Edition versions 11.7 through 11.11

Description: The issue is related to a lack of input validation and output encoding on the epic details page, resulting in a persistent XSS vulnerability on child epics.

Recommendations: For GitLab Enterprise Edition versions 11.7 through 11.11, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the epic details page until a patch is available. Avoid using the epic details page in a way that could introduce malicious input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.