
Michael Trainor

Researcher at GitLab
#20875 of 53,639
12 CVSS total
Vulnerabilities · 2
Low: 1
High: 1
PT-2023-32051
8.1
2023-12-03
HashiCorp · HashiCorp Consul · CVE-2023-5332
**Name of the Vulnerable Software and Affected Versions**
GitLab-EE (affected versions not specified)

**Description**
The issue is related to a patch in the third-party library Consul, which requires the 'enable-script-checks' setting to be set to False. This setting is necessary to enable a patch provided by the vendor. Without this setting, the patch could be bypassed.

**Recommendations**
To resolve the issue, set 'enable-script-checks' to False in the Consul library configuration. This change is required to ensure the patch is effective and cannot be bypassed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-24415
3.9
2023-07-13
GitLab · GitLab CE/EE · CVE-2023-3363
**Name of the Vulnerable Software and Affected Versions**
GitLab CE/EE versions 13.6 through 15.11.10
GitLab CE/EE versions 16.0 through 16.0.6
GitLab CE/EE versions 16.1 through 16.1.1

**Description**
An information disclosure issue resulted in the Sidekiq log including webhook tokens when the log format was set to `default`.

**Recommendations**
For versions 13.6 through 15.11.10, update to version 15.11.10 or later.
For versions 16.0 through 16.0.6, update to version 16.0.6 or later.
For versions 16.1 through 16.1.1, update to version 16.1.1 or later.