Modhanami

**Name of the Vulnerable Software and Affected Versions** Nextcloud versions prior to 2.7.2 **Description** Authenticated users can verify if arbitrary files are linked to specific approval workflows used for requesting approval. **Recommendations** Update to version 2.7.2.

Name of the Vulnerable Software and Affected Versions GitLab EE versions 11.3 through 18.8.9, 18.9 through 18.9.5, and 18.10 through 18.10.3 Description GitLab EE was found to have improper authorization checks in the API. This allowed an authenticated user with developer-role permissions to modify protected environment settings. Recommendations Update to GitLab EE version 18.8.9 or later. Update to GitLab EE version 18.9.5 or later. Update to GitLab EE version 18.10.3 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab EE versions 17.11 through 18.7.4 GitLab EE versions 18.8 through 18.8.4 GitLab EE versions 18.9 through 18.9.0 **Description** A flaw existed in GitLab EE that, under specific circumstances, could have allowed Developer-role users with limited permissions to perform unauthorized changes to protected Conan packages. **Recommendations** Update GitLab EE to version 18.7.5 or later. Update GitLab EE to version 18.8.5 or later. Update GitLab EE to version 18.9.1 or later.

**Name of the Vulnerable Software and Affected Versions** BeyondTrust (affected versions not specified) CyberArk Conjur versions prior to 15.2.0 **Description** A critical flaw exists that allows for pre-authentication remote code execution. The issue affects enterprise vaults and allows privilege escalation in secrets management. **Recommendations** Update CyberArk Conjur to version 15.2.0. At the moment, there is no information about a newer version that contains a fix for this vulnerability.