CVE-2020-10956

2020-03-2719:15:11

Google

osv.dev

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.8%

JSON

GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.

CPENameOperatorVersion
gitlabeq2.6.2
gitlabeq1.0.2
gitlabeq8.12.0-rc2-ee
gitlabeq8.12.0-rc1
gitlabeq6.7.1
gitlabeq8.11.0-rc3-ee
gitlabeq8.12.0-rc6-ee
gitlabeq2.4.0
gitlabeq4.0.0rc1
gitlabeq4.0.0rc2

Name	Operator	Version
gitlab	eq	2.6.2
gitlab	eq	1.0.2
gitlab	eq	8.12.0-rc2-ee
gitlab	eq	8.12.0-rc1
gitlab	eq	6.7.1
gitlab	eq	8.11.0-rc3-ee
gitlab	eq	8.12.0-rc6-ee
gitlab	eq	2.4.0
gitlab	eq	4.0.0rc1
gitlab	eq	4.0.0rc2