Michael Kozono

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 14.0 through 14.3.5 GitLab CE/EE versions 14.4 through 14.4.3 GitLab CE/EE versions 14.5 through 14.5.1 **Description** The reset password token and new user email token are accidentally logged, which may lead to information disclosure. **Recommendations** For GitLab CE/EE versions 14.0 through 14.3.5, update to version 14.3.6 or later. For GitLab CE/EE versions 14.4 through 14.4.3, update to version 14.4.4 or later. For GitLab CE/EE versions 14.5 through 14.5.1, update to version 14.5.2 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab Community and Enterprise Edition versions 11.0.0 through 11.0.6 GitLab Community and Enterprise Edition versions 11.1.x through 11.1.5 GitLab Community and Enterprise Edition versions 11.2.x through 11.2.2 **Description** An issue was discovered that leads to Orphaned Upload Files Exposure. **Recommendations** For GitLab Community and Enterprise Edition versions 11.0.0 through 11.0.6, update to version 11.0.6 or later. For GitLab Community and Enterprise Edition versions 11.1.x through 11.1.5, update to version 11.1.5 or later. For GitLab Community and Enterprise Edition versions 11.2.x through 11.2.2, update to version 11.2.2 or later.