Mark Chao

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 8.0 up to 11.3.10 GitLab CE/EE versions 11.4 up to 11.4.7 GitLab CE/EE versions 11.5 up to 11.5.0 **Description** The issue allows administrators with access to the logs to see another user's token, as access tokens are logged in the Workhorse logs. **Recommendations** For GitLab CE/EE versions 8.0 up to 11.3.10, update to version 11.3.11 or later. For GitLab CE/EE versions 11.4 up to 11.4.7, update to version 11.4.8 or later. For GitLab CE/EE versions 11.5 up to 11.5.0, update to version 11.5.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab Community and Enterprise Edition versions prior to 11.6.10 GitLab Community and Enterprise Edition versions 11.7.x prior to 11.7.6 GitLab Community and Enterprise Edition versions 11.8.x prior to 11.8.1 **Description** An issue was discovered that allows Information Exposure. **Recommendations** For versions prior to 11.6.10, update to version 11.6.10 or later. For versions 11.7.x prior to 11.7.6, update to version 11.7.6 or later. For versions 11.8.x prior to 11.8.1, update to version 11.8.1 or later.