Maruthi12

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 8.0 and later **Description** The issue is related to incorrect handling of the `username` variable, allowing a remote attacker to cause a denial of service. This can lead to the rejection of access to a user's profile page via a specially crafted `username`. **Recommendations** For GitLab CE/EE versions 8.0 and later, consider restricting the use of specially crafted usernames to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 12.6 and later **Description** The issue is related to improper authorization, allowing guest users to create issues for Sentry errors and track their status. This could potentially enable a remote attacker to access confidential data and compromise its integrity. **Recommendations** For GitLab CE/EE versions 12.6 and later, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting guest user access to creating issues for Sentry errors until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Gitlab CE/EE versions 12.2 through 13.4.6 Gitlab CE/EE versions 13.5 through 13.5.4 Gitlab CE/EE versions 13.6 through 13.6.1 **Description** A limited information disclosure issue exists that allows an attacker to view limited information in a user's private profile. **Recommendations** For versions 12.2 through 13.4.6, update to version 13.4.7 or later. For versions 13.5 through 13.5.4, update to version 13.5.5 or later. For versions 13.6 through 13.6.1, update to version 13.6.2 or later.