GitLab has released a security patch updates the entire system, version 12.1.2, 12.0.4 and 11.11.7, including Community Edition and Enterprise Edition. These versions include important security updates is strongly recommended that all GitLab install the update immediately, Update Now, update now! ! ! These security issues affecting GitLab CE / EE 10.6 and later versions.
Vulnerabilities include:
- GitHub Integration SSRF
- Trigger Token Impersonation
- Build Status Disclosure
- SSRF Mitigation Bypass
- Information Disclosure New Issue ID
- IDOR Label Name Enumeration
- Persistent XSS Wiki Pages
- User Revokation Bypass with Mattermost Integration
- Arbitrary File Upload via Import Project Archive
- Information Disclosure Vulnerability Feedback
- Persistent XSS via Email
- Denial Of Service Epic Comments
- Email Verification Bypass
- Override Merge Request Approval Rules
About the vulnerability detailed description see:
https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/