CVE-2020-10979
Description
GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipeline metrics to unauthorized users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
GitLab EE/CE versions 11.10 through 12.9 leak restricted CI pipeline metrics to unauthorized users, allowing information disclosure.
Vulnerability
GitLab EE/CE versions 11.10 through 12.9 contain an information disclosure vulnerability where restricted CI pipeline metrics are exposed to unauthorized users. The issue affects both Community and Enterprise editions. [1]
Exploitation
An attacker with network access to a GitLab instance can view CI pipeline metrics that should be restricted, without requiring authentication or elevated privileges. The vulnerability is triggered by accessing specific endpoints or metrics that fail to enforce access controls. [1]
Impact
Successful exploitation allows an unauthorized user to obtain sensitive information about CI pipeline metrics, potentially revealing details about build processes, environment variables, or other internal data that could aid further attacks. The impact is limited to information disclosure. [1]
Mitigation
The vulnerability is fixed in GitLab version 12.9.1, released on March 26, 2020. Users should upgrade to 12.9.1 or later. No workarounds are documented. [1]
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- GitLab/GitLab EE/CE
- Range: >=11.10, <=12.9
Patches
No patches discovered yet.
References
- about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ (MITRE, x_refsource_CONFIRM)
- about.gitlab.com/releases/categories/releases/ (MITRE, x_refsource_MISC)