Drew Stachon

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 7.14 through 15.3.4 GitLab CE/EE versions 15.4 through 15.4.3 GitLab CE/EE versions 15.5 through 15.5.1 **Description** The issue is related to improper authorization, allowing a user to take ownership of retried jobs in an upstream pipeline when retrying a job in a downstream pipeline, even without access to the project. This occurs when a user retries a job in a downstream pipeline. **Recommendations** For GitLab CE/EE versions 7.14 through 15.3.4, update to version 15.3.5 or later. For GitLab CE/EE versions 15.4 through 15.4.3, update to version 15.4.4 or later. For GitLab CE/EE versions 15.5 through 15.5.1, update to version 15.5.2 or later.