CVE-2020-7972: 
GitLab vulnerability analysis and mitigation

A security vulnerability was discovered in GitLab Enterprise Edition (EE) version 12.0 and later, identified as CVE-2020-7972. The vulnerability involved an email confirmation bypass using an API endpoint that could be used to circumvent email verification requirements. This issue was disclosed and patched on January 30, 2020 (GitLab Release).

The vulnerability was related to insecure permissions in GitLab EE 12.2, specifically involving an API endpoint that could be exploited to bypass email verification requirements. The issue was discovered by security researcher @whitehattushu who responsibly reported it to GitLab (GitLab Release).

The vulnerability could allow attackers to bypass email verification requirements, potentially compromising the authentication system's integrity and allowing unauthorized access to accounts without proper email verification (GitLab Release).

GitLab addressed this vulnerability in versions 12.7.4, 12.6.6, and 12.5.9 for both Community Edition (CE) and Enterprise Edition (EE). Users running affected versions were strongly recommended to upgrade to the latest version as soon as possible to mitigate the risk (GitLab Release).