Imreradon

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 13.11 through 16.10.5 GitLab CE/EE versions 16.11 through 16.11.2 GitLab CE/EE versions 17.0 through 17.0.0 **Description** A CSRF vulnerability exists within GitLab CE/EE. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (KAS). This could allow a remote attacker to perform a CSRF attack. **Recommendations** For GitLab CE/EE versions 13.11 through 16.10.5, update to version 16.10.6 or later. For GitLab CE/EE versions 16.11 through 16.11.2, update to version 16.11.3 or later. For GitLab CE/EE versions 17.0 through 17.0.0, update to version 17.0.1 or later. As a temporary workaround, consider restricting access to the Kubernetes Agent Server (KAS) to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 15.5 through 16.9.7 GitLab CE/EE versions 16.10 through 16.10.5 GitLab CE/EE versions 16.11 through 16.11.2 **Description** The issue is related to Server Side Request Forgery (SSRF) in GitLab CE/EE. An attacker can exploit this by using a malicious URL in the markdown image value when importing a GitHub repository. This allows a remote attacker to perform an SSRF attack due to insufficient server-side request validation. **Recommendations** For GitLab CE/EE versions 15.5 through 16.9.7, update to version 16.9.7 or later. For GitLab CE/EE versions 16.10 through 16.10.5, update to version 16.10.5 or later. For GitLab CE/EE versions 16.11 through 16.11.2, update to version 16.11.2 or later. As a temporary workaround, consider restricting the use of markdown image values when importing GitHub repositories until a patch is available.