David Fernandez

**Name of the Vulnerable Software and Affected Versions** GitLab EE versions 14.2 through 15.2.4 GitLab EE versions 15.3 through 15.3.3 GitLab EE versions 15.4 through 15.4.0 **Description** The issue is related to a lack of IP address checking in GitLab EE, which allows a group member to bypass IP restrictions when using a deploy token. **Recommendations** For versions 14.2 through 15.2.4, update to version 15.2.5 or later. For versions 15.3 through 15.3.3, update to version 15.3.4 or later. For versions 15.4 through 15.4.0, update to version 15.4.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab versions prior to 14.8.6 GitLab versions 14.9 through 14.9.4 GitLab versions 14.10 through 14.10.1 **Description** The issue in GitLab arises from incorrect verification of throttling limits for authenticated package requests, resulting in these limits not being enforced. **Recommendations** For versions prior to 14.8.6, update to version 14.8.6 or later. For versions 14.9 through 14.9.3, update to version 14.9.4 or later. For versions 14.10 through 14.10.0, update to version 14.10.1 or later.