Description
The GitLab CI Lint API can validate CI/CD YAML configuration fetched from remote servers, and it does not require authentication. An attacker may use this feature to perform server-side request forgery (SSRF) attacks on the server.
Remediation
Upgrade to the latest version of GitLab.