Ledz1996

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 13.1 through 14.1.2 GitLab CE/EE version 14.0.7 GitLab CE/EE version 13.12.9 **Description** The issue is related to a lack of proper output encoding or escaping in GitLab, a platform for collaborative code development. Under specific conditions, a user could be impersonated using GitLab shell. This allows a remote attacker to gain access to confidential data. **Recommendations** For GitLab CE/EE versions 13.1 through 14.1.2, update to a version outside of this range to resolve the issue. For GitLab CE/EE version 14.0.7, update to a newer version to mitigate the risk. For GitLab CE/EE version 13.12.9, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the GitLab shell until a patch is available.

Name of the Vulnerable Software and Affected Versions: GitLab (affected versions not specified) Description: A path traversal vulnerability via the GitLab Workhorse in GitLab could result in the leakage of a JWT token. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.7.9 through 13.8.7 GitLab CE/EE versions 13.9 through 13.9.5 GitLab CE/EE versions 13.10 through 13.10.1 Description: An issue has been discovered in GitLab CE/EE where a specially crafted Wiki page allowed attackers to read arbitrary files on the server. Recommendations: For versions 13.7.9 through 13.8.7, update to version 13.8.7 or later. For versions 13.9 through 13.9.5, update to version 13.9.5 or later. For versions 13.10 through 13.10.1, update to version 13.10.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab versions prior to 13.1.10 GitLab versions prior to 13.2.8 GitLab versions prior to 13.3.4 **Description** A vulnerability was discovered that involves an insufficient check in the GraphQL API. This issue allows a maintainer to delete a repository. **Recommendations** For versions prior to 13.1.10, update to version 13.1.10 or later. For versions prior to 13.2.8, update to version 13.2.8 or later. For versions prior to 13.3.4, update to version 13.3.4 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab EE versions 11.3 through 13.1.2 **Description** The issue is related to Incorrect Access Control in GitLab EE due to the Maven package upload endpoint. This allows for unauthorized access. **Recommendations** For GitLab EE versions 11.3 through 13.1.2, consider restricting access to the Maven package upload endpoint as a temporary workaround until a patch is available.