CVE-2021-39895

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.0 and later

Description: The issue allows an attacker to set pipeline schedules to be active in a project export. When an unsuspecting owner imports that project, pipelines are active by default, potentially leading to information disclosure if the project is imported from an untrusted source.

Recommendations: For GitLab CE/EE versions 8.0 and later, consider disabling pipeline schedules by default for imported projects to minimize the risk of information disclosure. As a temporary workaround, restrict the ability to import projects from untrusted sources until a more permanent solution is available.