Gitlab Team

**Name of the Vulnerable Software and Affected Versions** GitLab versions 13.2.4 through 16.10.5 GitLab versions 16.11 through 16.11.2 GitLab versions 17.0 through 17.0.0 **Description** An authorization issue exists where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic, potentially allowing a remote attacker to bypass existing security restrictions. **Recommendations** For GitLab versions 13.2.4 through 16.10.5, update to version 16.10.6 or later. For GitLab versions 16.11 through 16.11.2, update to version 16.11.3 or later. For GitLab versions 17.0 through 17.0.0, update to version 17.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab versions prior to 13.1 **Description** A vulnerability was discovered that allows private merge requests to be read via Todos under certain conditions. **Recommendations** For versions prior to 13.1, update to version 13.1 or later to resolve the issue.