Cryptopone

**Name of the Vulnerable Software and Affected Versions** GitLab versions prior to 16.2.0 **Description** An issue has been discovered in GitLab where committing directories containing an LF character results in 500 errors when viewing the commit. **Recommendations** For versions prior to 16.2.0, update to version 16.2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 7.14 through 15.11.10 GitLab CE/EE versions 16.0 through 16.0.6 GitLab CE/EE versions 16.1 through 16.1.1 **Description** An issue has been discovered in GitLab CE/EE, which allows an attacker to inject HTML in an email address field. **Recommendations** For versions 7.14 through 15.11.10, update to version 15.11.10 or later. For versions 16.0 through 16.0.6, update to version 16.0.6 or later. For versions 16.1 through 16.1.1, update to version 16.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 8.3 through 15.10.7 GitLab CE/EE versions 15.11 through 15.11.6 GitLab CE/EE versions 16.0 through 16.0.1 **Description** A lack of length validation in GitLab CE/EE allows an authenticated attacker to create a large Issue description via GraphQL, which, when repeatedly requested, saturates CPU usage. **Recommendations** For versions 8.3 through 15.10.7, update to version 15.10.8 or later. For versions 15.11 through 15.11.6, update to version 15.11.7 or later. For versions 16.0 through 16.0.1, update to version 16.0.2 or later. As a temporary workaround, consider restricting access to the GraphQL endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GitLab versions 15.9 through 15.9.3 GitLab versions 15.10 through 15.10.0 **Description** An issue has been discovered in GitLab where it was possible for an unauthorized user to add child epics linked to a victim's epic in an unrelated group. **Recommendations** For GitLab versions 15.9 through 15.9.3, update to version 15.9.4 or later. For GitLab versions 15.10 through 15.10.0, update to version 15.10.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab versions 15.6 through 15.8.4 GitLab versions 15.9 through 15.9.3 GitLab versions 15.10 through 15.10.0 **Description** An issue has been discovered in GitLab, allowing for a cross-site scripting (XSS) attack via a malicious email address for certain instances. **Recommendations** For versions 15.6 through 15.8.4, update to version 15.8.5 or later. For versions 15.9 through 15.9.3, update to version 15.9.4 or later. For versions 15.10 through 15.10.0, update to version 15.10.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab versions 15.5 through 15.7.7 GitLab versions 15.8 through 15.8.3 GitLab versions 15.9 through 15.9.1 **Description** An issue has been discovered in GitLab due to improper permissions checks, allowing an unauthorized user to read, add, or edit a user's private snippet. **Recommendations** For GitLab versions 15.5 through 15.7.7, update to version 15.7.8 or later. For GitLab versions 15.8 through 15.8.3, update to version 15.8.4 or later. For GitLab versions 15.9 through 15.9.1, update to version 15.9.2 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab versions 15.0 through 15.0.1 **Description** An issue has been discovered in GitLab where missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details. **Recommendations** For GitLab versions 15.0 through 15.0.1, update to version 15.0.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of quick actions until a patch is applied.