CVE-2020-10078: 
GitLab vulnerability analysis and mitigation

CVE-2020-10078 is a stored cross-site scripting (XSS) vulnerability discovered in GitLab versions 12.1 through 12.8.1. The vulnerability specifically affects the merge request submission form. The issue was reported by security researcher @ashish_r_padelkar and was patched in GitLab version 12.8.2, released on March 4, 2020 (GitLab Release).

The vulnerability is classified as a stored cross-site scripting (XSS) vulnerability that affects the merge request submission form in GitLab. The issue affects GitLab versions from 12.1 up to version 12.8.1, allowing potential attackers to store and execute malicious scripts through the merge request submission functionality (GitLab Release).

As a stored XSS vulnerability, successful exploitation could allow attackers to execute arbitrary JavaScript code in the context of other users' browsers when they view affected merge request submissions. This could potentially lead to session hijacking, credential theft, or other client-side attacks (GitLab Release).

GitLab has addressed this vulnerability in versions 12.8.2, 12.7.7, and 12.6.8. The recommended mitigation is to upgrade to these or later versions. GitLab strongly recommends that all installations running affected versions should be upgraded to the latest version as soon as possible (GitLab Release).