GitLab · GitLab CE/EE · CVE-2024-0231
**Name of the Vulnerable Software and Affected Versions**
GitLab CE/EE versions 12.0 through 17.0.4
GitLab CE/EE versions 17.1 through 17.1.2
GitLab CE/EE versions 17.2 through 17.2.0
**Description**
A resource misdirection vulnerability in GitLab allows an attacker to craft a repository import that misdirects commits. The issue is related to shortcomings in the authorization procedure and can be exploited by a remote attacker to replace code in imported CI/CD pipelines.
**Recommendations**
For GitLab CE/EE versions 12.0 through 17.0.4, update to version 17.0.5 or later.
For GitLab CE/EE versions 17.1 through 17.1.2, update to version 17.1.3 or later.
For GitLab CE/EE versions 17.2 through 17.2.0, update to version 17.2.1 or later.
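To triage an inventory against the ranges above, the following added example (not code from GitLab or from this advisory) maps a version string to "affected or not" and the first fixed release listed in the recommendations. It assumes you already have each instance's version string; the hostnames and versions in the sample inventory are constructed.

```python
import re

# Affected ranges and fixed releases, transcribed from the advisory text above.
# Each entry: (first affected, last affected, first fixed release).
AFFECTED = [
    ((12, 0, 0), (17, 0, 4), (17, 0, 5)),
    ((17, 1, 0), (17, 1, 2), (17, 1, 3)),
    ((17, 2, 0), (17, 2, 0), (17, 2, 1)),
]


def parse_version(text):
    """Parse '17.1.2', 'v17.1.2-ee' or '17.2' into (major, minor, patch).

    Suffixes such as '-ee' or '-pre' are ignored, so a pre-release build is
    treated like the release it precedes (the conservative choice for triage).
    """
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def check(text):
    """Return (affected, first_fixed_release_or_None) for a version string."""
    version = parse_version(text)
    for low, high, fixed in AFFECTED:
        if low <= version <= high:
            return True, ".".join(map(str, fixed))
    return False, None


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and versions are made up.
    inventory = {
        "gitlab-a.example.internal": "16.11.6-ee",
        "gitlab-b.example.internal": "17.1.2",
        "gitlab-c.example.internal": "17.2.1-ee",
    }
    for host, ver in inventory.items():
        affected, fixed = check(ver)
        status = f"AFFECTED, update to {fixed} or later" if affected else "not in affected ranges"
        print(f"{host}\t{ver}\t{status}")
```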