Allele Security Alert
SSRF in Kubernetes integration
GitLab Enterprise Edition (EE)
GitLab EE 11.0 and later
GitLab EE 11.4.4, 11.3.9, 11.2.8
Proof of concept
The GitLab Kubernetes integration was vulnerable to a SSRF issue which could allow an attacker to make requests to access any internal URLs.
GitLab Critical Security Release: 11.4.4, 11.3.9, 11.2.8
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: November 8, 2018