Ac7N0

**Name of the Vulnerable Software and Affected Versions** GitLab EE versions 16.5 through 17.2.7 GitLab EE versions 17.3 through 17.3.3 GitLab EE versions 17.4 through 17.4.0 **Description** An information disclosure issue has been discovered in GitLab EE. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting. **Recommendations** For versions 16.5 through 17.2.7, update to version 17.2.8 or later. For versions 17.3 through 17.3.3, update to version 17.3.4 or later. For versions 17.4 through 17.4.0, update to version 17.4.1 or later. As a temporary workaround, consider restricting access to the Dependency Proxy setting until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions prior to 16.10.6 GitLab CE/EE version 16.11 prior to 16.11.3 GitLab CE/EE version 17.0 prior to 17.0.1 **Description** An issue has been discovered in GitLab CE/EE where a runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources. **Recommendations** For versions prior to 16.10.6, update to version 16.10.6 or later. For version 16.11 prior to 16.11.3, update to version 16.11.3 or later. For version 17.0 prior to 17.0.1, update to version 17.0.1 or later.