Indoappsecon

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 17.0 through 17.0.3 GitLab CE/EE versions 17.1 through 17.1.1 **Description** The issue is related to insufficient access control in the `admin push rules` function of the Project-level Deploy Token Handler component in GitLab. This could allow a remote attacker to create project-level deploy tokens. A Guest user with the `admin push rules` permission may have been able to exploit this issue. **Recommendations** For GitLab CE/EE versions 17.0 through 17.0.3, update to version 17.0.4 or later. For GitLab CE/EE versions 17.1 through 17.1.1, update to version 17.1.2 or later. As a temporary workaround, consider restricting the `admin push rules` permission to minimize the risk of exploitation.