An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API.
{
"source": "CPE_RANGE",
"cpe": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "13.10.0"
}
]
}