GitLab · GitLab Remote Development · CVE-2023-6955
**Name of the Vulnerable Software and Affected Versions**
GitLab Remote Development versions prior to 16.5.6
GitLab Remote Development version 16.6 prior to 16.6.4
GitLab Remote Development version 16.7 prior to 16.7.2
**Description**
The issue is an improper access control flaw in GitLab Remote Development that allows an attacker to create a workspace in one group that is associated with an agent from another group. A remote attacker can exploit this to elevate their privileges.
**Recommendations**
For GitLab Remote Development versions prior to 16.5.6, update to version 16.5.6 or later.
For GitLab Remote Development version 16.6 prior to 16.6.4, update to version 16.6.4 or later.
For GitLab Remote Development version 16.7 prior to 16.7.2, update to version 16.7.2 or later.