In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks.
{ "severity": "Medium", "cpes": [ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "cpe:2.3:a:gitlab:gitlab:14.3.0:*:*:*:community:*:*:*", "cpe:2.3:a:gitlab:gitlab:14.3.0:*:*:*:enterprise:*:*:*", "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" ] }