The host is installed with GitLab CE/EE 1.0 before 15.6.7, 15.7 before 15.7.6 or 15.8 before 15.8.1 and is prone to a cross site request forgery vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows attackers to take over a project if an owner or maintainer uploads a file to a malicious project.