CVE-2020-10092: 
GitLab vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability was discovered in GitLab versions 12.1 through 12.8.1, specifically affecting a particular view relating to the Grafana integration. The vulnerability was identified and reported by security researcher @xanbanx, and was subsequently assigned identifier CVE-2020-10092. The issue was addressed in GitLab's security release 12.8.2 released on March 4, 2020 (GitLab Advisory).

The vulnerability is classified as a cross-site scripting (XSS) issue that specifically affected the Grafana integration view in GitLab. The CVSS v3.1 base score for this vulnerability is 6.1 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating that the vulnerability is network exploitable, requires low attack complexity, needs no privileges, but does require user interaction (NVD).

The vulnerability could allow an attacker to execute malicious scripts in the context of the affected Grafana integration view, potentially leading to unauthorized access to sensitive information or manipulation of user data within the GitLab instance (GitLab Advisory).

GitLab strongly recommends that all installations running affected versions be upgraded to version 12.8.2 or later as soon as possible. The vulnerability has been fixed in GitLab versions 12.8.2, 12.7.7, and 12.6.8, released on March 4, 2020 (GitLab Advisory).