Hi @Sunchezz89! Thanks for reaching out.
Recently, a GitLab user posted a blog about the exploitation of a known vulnerability which has been previously disclosed and assigned CVE-2020-10977. GitLab EE/CE 8.5 to 12.9 is vulnerable to a path traversal when moving an issue between projects.
This issue was remediated and patched in the 12.9.1 release in March 2020.
Upgrading to the latest security release for your supported version is part of good security hygiene. We strongly recommend that all users confirm they are running the latest version of GitLab to ensure they are up-to-date with current security releases. Users should update immediately if needed.
GitLab releases patches for vulnerabilities in dedicated security releases. There are two types of security releases: a monthly, scheduled security release, released a week after the feature release (which deploys on the 22nd of each month), and ad-hoc security releases for critical vulnerabilities. You can see all of our release updates on our update page and view regular and security release blog posts here. In addition, the issues detailing each vulnerability are made public on our issue tracker 30 days after the release in which they were patched.
Keep yours instance safe and updated
You can read more best practices in securing your GitLab instance in our blog post. You can subscribe to receive Security Notices in your inbox, receive security blog updates through our rss feed or follow us on twitter for release updates.
Let me know if this raises any other questions! Thanks!