CVE-2018-19571


A vulnerability classified as critical was found in GitLab Community Edition and Enterprise Edition up to 11.3.10/11.4.7/11.5.0 (Bug Tracking Software). It affects unknown code in the Webhooks component. Manipulation with an unknown input leads to a server-side request forgery (SSRF) vulnerability. The CWE definition for the vulnerability is CWE-918: the web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. The impact is known to affect confidentiality, integrity, and availability.
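The destination check that CWE-918 describes as missing can be sketched as follows for a webhook URL. This is an added example, not GitLab's code or its fix; `check_webhook_destination`, `blocked_ip?`, the blocked-range list and the `SAMPLE_DNS` table are hypothetical names and constructed data.

```ruby
require 'ipaddr'
require 'uri'

# Ranges a webhook delivery should never reach: loopback, private,
# link-local (including cloud metadata addresses), unique-local.
BLOCKED_NETS = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 ::/128 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

# Constructed DNS answers so the example runs offline (assumption: a real
# caller resolves once and connects to the same addresses it validated).
SAMPLE_DNS = {
  'hooks.example.com'    => ['203.0.113.10'],
  'internal.example.com' => ['10.0.0.5'],
  'mixed.example.com'    => ['203.0.113.10', '127.0.0.1']
}.freeze

def blocked_ip?(ip)
  # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it wraps.
  ip = IPAddr.new(ip.to_i & 0xffffffff, Socket::AF_INET) if ip.ipv4_mapped?
  BLOCKED_NETS.any? { |net| net.family == ip.family && net.include?(ip) }
end

# Hypothetical helper: returns :ok or a symbol naming why the URL is refused.
def check_webhook_destination(url, resolver: ->(host) { SAMPLE_DNS.fetch(host, []) })
  uri = URI.parse(url)
  return :bad_scheme unless %w[http https].include?(uri.scheme)
  host = uri.hostname.to_s.downcase
  return :no_host if host.empty?
  addrs = begin
    [IPAddr.new(host)]                      # IP literal in the URL
  rescue IPAddr::Error
    resolver.call(host).map { |a| IPAddr.new(a) }
  end
  return :unresolvable if addrs.empty?
  # Every answer must be acceptable, not only the first one.
  return :blocked_address if addrs.any? { |ip| blocked_ip?(ip) }
  :ok
rescue URI::InvalidURIError
  :unparseable
end
```

The check only helps if the HTTP client then connects to the validated addresses and re-applies it on every redirect, since a second DNS lookup or a redirect can point somewhere the first check never saw.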