CVE-2020-10977: 
GitLab vulnerability analysis and mitigation

GitLab Enterprise Edition (EE) and Community Edition (CE) versions 8.5 to 12.9 were found to be vulnerable to a path traversal vulnerability when moving an issue between projects. The vulnerability was disclosed on March 26, 2020, and was assigned the identifier CVE-2020-10977 (GitLab Advisory).

The vulnerability is classified as a path traversal issue (CWE-22) that allows unauthorized access to files. According to the National Vulnerability Database, it received a CVSS v3.1 base score of 5.5 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction, while potentially resulting in high confidentiality impact (NVD).

The vulnerability could lead to arbitrary local file read capabilities within the GitLab system. When successfully exploited, it allows an attacker to access files that should be restricted, potentially exposing sensitive information and compromising system confidentiality (GitLab Advisory).

GitLab addressed this vulnerability in versions 12.9.1, 12.8.8, and 12.7.8. Organizations running affected versions are strongly recommended to upgrade to these patched versions immediately to mitigate the risk (GitLab Advisory).