Akadrian

**Name of the Vulnerable Software and Affected Versions** GitLab versions 4.1 through 16.1.4 GitLab versions 16.2 through 16.2.4 GitLab versions 16.3 through 16.3.0 **Description** An issue has been discovered in GitLab where it was possible to create a URL that would redirect to a different project. **Recommendations** For versions 4.1 through 16.1.4, update to version 16.1.5 or later. For versions 16.2 through 16.2.4, update to version 16.2.5 or later. For versions 16.3 through 16.3.0, update to version 16.3.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 15.4 through 15.10.7 GitLab CE/EE versions 15.11 through 15.11.6 GitLab CE/EE versions 16.0 through 16.0.1 **Description** An issue has been discovered in GitLab CE/EE where open redirection was possible via HTTP response splitting in the NPM package API. **Recommendations** For versions 15.4 through 15.10.7, update to version 15.10.8 or later. For versions 15.11 through 15.11.6, update to version 15.11.7 or later. For versions 16.0 through 16.0.1, update to version 16.0.2 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 15.8 through 15.10.7 GitLab CE/EE versions 15.11 through 15.11.6 GitLab CE/EE versions 16.0 through 16.0.1 **Description** The issue is related to the lack of protection of the web page structure in GitLab, allowing a remote attacker to execute arbitrary code. A reflected XSS was possible when creating new abuse reports, which allows attackers to perform arbitrary actions on behalf of victims. **Recommendations** For versions 15.8 through 15.10.7, update to version 15.10.8 or later. For versions 15.11 through 15.11.6, update to version 15.11.7 or later. For versions 16.0 through 16.0.1, update to version 16.0.2 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab versions 12.1 through 15.7.8 GitLab versions 15.8 through 15.8.4 GitLab versions 15.9 through 15.9.2 **Description** An issue has been discovered in GitLab that allows a project maintainer to extract a Datadog integration API key by modifying the site. This issue is related to the lack of protection for service data, which can be exploited by a remote attacker to impact the confidentiality and integrity of protected information. **Recommendations** For GitLab versions 12.1 through 15.7.8, update to version 15.7.8 or later. For GitLab versions 15.8 through 15.8.4, update to version 15.8.4 or later. For GitLab versions 15.9 through 15.9.2, update to version 15.9.2 or later. As a temporary workaround, consider restricting access to the Datadog integration API key until a patch is available.