Bull

**Name of the Vulnerable Software and Affected Versions** GitLab EE versions 14.2 through 15.9.5 GitLab EE versions 15.10 through 15.10.4 GitLab EE versions 15.11 through 15.11.0 **Description** An issue has been discovered in GitLab EE, where a lack of verification on the `RelayState` parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature is not enabled by default. **Recommendations** For GitLab EE versions 14.2 through 15.9.5, update to version 15.9.6 or later. For GitLab EE versions 15.10 through 15.10.4, update to version 15.10.5 or later. For GitLab EE versions 15.11 through 15.11.0, update to version 15.11.1 or later. As a temporary workaround, consider restricting access to the `RelayState` parameter to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions prior to 11.4.13 GitLab Community and Enterprise Edition versions 11.5.x prior to 11.5.6 GitLab Community and Enterprise Edition versions 11.6.x prior to 11.6.1 Description: The issue is related to Incorrect Access Control. Recommendations: For GitLab Community and Enterprise Edition versions prior to 11.4.13, update to version 11.4.13 or later. For GitLab Community and Enterprise Edition versions 11.5.x prior to 11.5.6, update to version 11.5.6 or later. For GitLab Community and Enterprise Edition versions 11.6.x prior to 11.6.1, update to version 11.6.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab Community and Enterprise Edition versions 11.3.x through 11.3.10 GitLab Community and Enterprise Edition versions 11.4.x through 11.4.7 GitLab Community and Enterprise Edition versions 11.5.x through 11.5.0 **Description** An issue was discovered in the Prometheus integration, which is affected by a Server-Side Request Forgery (SSRF) issue. This allows an attacker to make unauthorized requests. **Recommendations** For GitLab Community and Enterprise Edition versions 11.3.x through 11.3.10, update to version 11.3.11 or later. For GitLab Community and Enterprise Edition versions 11.4.x through 11.4.7, update to version 11.4.8 or later. For GitLab Community and Enterprise Edition versions 11.5.x through 11.5.0, update to version 11.5.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab Community and Enterprise Edition versions prior to 11.2.7 GitLab Community and Enterprise Edition versions 11.3.x prior to 11.3.8 GitLab Community and Enterprise Edition versions 11.4.x prior to 11.4.3 **Description** An issue was discovered that allows Server-Side Request Forgery (SSRF). **Recommendations** For versions prior to 11.2.7, update to version 11.2.7 or later. For versions 11.3.x prior to 11.3.8, update to version 11.3.8 or later. For versions 11.4.x prior to 11.4.3, update to version 11.4.3 or later.