Go7F0

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 15.6 through 18.7.6 GitLab CE/EE versions 18.8 through 18.8.6 GitLab CE/EE versions 18.9 through 18.9.2 **Description** An authenticated user could potentially disclose metadata from private issues, merge requests, epics, milestones, or commits. This is due to improper filtering during the snippet rendering process under specific conditions. The issue affects GitLab CE/EE. **Recommendations** Update GitLab CE/EE to version 18.7.6 or later. Update GitLab CE/EE to version 18.8.6 or later. Update GitLab CE/EE to version 18.9.2 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 14.4 through 18.7.5 GitLab CE/EE versions 18.8 through 18.8.5 GitLab CE/EE versions 18.9 through 18.9.1 **Description** An authenticated user with group import permissions could potentially create labels in private projects. This occurred due to incorrect authorization validation during the group import process. The issue affects the group import process under specific circumstances. **Recommendations** GitLab versions prior to 18.7.6 should be updated. GitLab versions prior to 18.8.6 should be updated. GitLab versions prior to 18.9.2 should be updated.

**Name of the Vulnerable Software and Affected Versions** GitLab EE versions 16.7 through 18.6.5 GitLab EE versions 18.7 through 18.7.3 GitLab EE versions 18.8 through 18.8.3 **Description** An authenticated user could potentially access iteration data from private descendant groups. This access was possible by querying the iterations `API endpoint` under specific conditions. **Recommendations** Update GitLab EE to version 18.6.6 or later. Update GitLab EE to version 18.7.4 or later. Update GitLab EE to version 18.8.4 or later.