CVE-2020-10980
Description
GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration, which allows internal network probing.
Vulnerability
GitLab EE/CE versions 8.0.rc1 to 12.9 are vulnerable to a blind SSRF in the FogBugz integration [2]. The integration does not properly validate URLs, allowing server-side requests to arbitrary hosts.
Exploitation
An attacker with the ability to configure the FogBugz integration (e.g., an administrator) can supply a URL pointing to internal network addresses. The server will make a request to that URL, but the response is not returned, making it a blind SSRF. The attacker can infer results based on response timing or error messages.
Impact
This blind SSRF enables an attacker to probe internal network services, potentially discovering open ports, services, or sensitive information. This can lead to further attacks against internal infrastructure.
Mitigation
GitLab released version 12.9.1 on March 26, 2020, which fixes this vulnerability [2]. Users should upgrade to 12.9.1 or later. No workaround is available.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- GitLab/GitLab EE/CE
- Range: 8.0.rc1 - 12.9
Patches
No patches discovered yet.
References
- about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ (mitre, x_refsource_CONFIRM)
- about.gitlab.com/releases/categories/releases/ (mitre, x_refsource_MISC)