Maksyche

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions 3.19.1 through 3.19.5 GitHub Enterprise Server versions 3.20.0 through 3.20.1 **Description** A reflected HTML injection issue exists in the Management Console login page. The `redirect to` query parameter on the '/setup/unlock' endpoint is reflected into an HTML attribute without proper sanitization. This allows an attacker to inject a form element to capture administrator credentials if an administrator clicks a crafted link and enters their credentials. **Recommendations** Update versions 3.19.1 through 3.19.5 to version 3.19.6. Update versions 3.20.0 through 3.20.1 to version 3.20.2.

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.0.0 through 18.8.8, 18.9.0 through 18.9.4, and 18.10.0 through 18.10.2 Description GitLab EE versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 contained an issue in Code Quality reports that could allow an authenticated user to leak IP addresses of users viewing the report through specially crafted content. Recommendations GitLab EE versions 18.0.0 through 18.8.8 should be updated to version 18.8.9 or later. GitLab EE versions 18.9.0 through 18.9.4 should be updated to version 18.9.5 or later. GitLab EE versions 18.10.0 through 18.10.2 should be updated to version 18.10.3 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 14.3 through 18.8.6 GitLab CE/EE versions 18.9 through 18.9.2 GitLab CE/EE versions 18.10 through 18.10.0 **Description** An issue exists in GitLab CE/EE related to Jira Connect installations where an authenticated user with minimal workspace permissions could potentially obtain installation credentials and impersonate the GitLab application. This is due to improper authorization checks. **Recommendations** Update GitLab CE/EE to version 18.8.7 or later. Update GitLab CE/EE to version 18.9.3 or later. Update GitLab CE/EE to version 18.10.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 17.10 through 18.8.6 GitLab CE/EE versions 18.9 through 18.9.2 GitLab CE/EE versions 18.10 through 18.10.0 **Description** An issue exists in GitLab CE/EE that could allow an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users. This is due to insufficient Cross-Site Request Forgery (CSRF) protection. **Recommendations** Update GitLab CE/EE to version 18.8.7 or later. Update GitLab CE/EE to version 18.9.3 or later. Update GitLab CE/EE to version 18.10.1 or later.

**Name of the Vulnerable Software and Affected Versions** Svelte versions prior to 5.53.5 **Description** Errors originating from the `transformError` function were not properly sanitized before being included in the HTML output. This could lead to potential HTML injection and cross-site scripting (XSS) if the `transformError` function returns content controlled by an attacker. The `transformError` function is responsible for handling and formatting errors during the transformation process. **Recommendations** Update to Svelte version 5.53.5 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 18.7 through 18.7.3 GitLab CE/EE versions 18.8 through 18.8.3 **Description** An unauthenticated user could cause a denial of service through CPU exhaustion by submitting specially crafted markdown files. These files trigger exponential processing during markdown preview, leading to resource exhaustion. **Recommendations** Update GitLab CE/EE to version 18.7.4 or later. Update GitLab CE/EE to version 18.8.4 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 8.0 through 18.6.5 GitLab CE/EE versions 18.7 through 18.7.3 GitLab CE/EE versions 18.8 through 18.8.3 **Description** GitLab CE/EE is susceptible to a denial of service condition. An unauthenticated user can potentially cause a denial of service by uploading malicious files under specific circumstances. **Recommendations** Upgrade GitLab CE/EE to version 18.6.6 or later. Upgrade GitLab CE/EE to version 18.7.4 or later. Upgrade GitLab CE/EE to version 18.8.4 or later.