Pwnie

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 13.12 through 18.2.8 GitLab CE/EE versions 18.3 through 18.3.4 GitLab CE/EE versions 18.4 through 18.4.2 **Description** The software is susceptible to a denial of service condition triggered by crafted GraphQL queries requesting large repository blobs. This can lead to the GitLab instance becoming unresponsive or severely degraded. The issue affects the GraphQL API. **Recommendations** Update GitLab CE/EE to a version later than 18.2.8. Update GitLab CE/EE to a version later than 18.3.4. Update GitLab CE/EE to a version later than 18.4.2.

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.7 through 18.1.5 GitLab CE/EE versions 18.2 through 18.2.5 GitLab CE/EE versions 18.3 through 18.3.1 Description: An issue exists in GitLab CE/EE that allows authenticated users to disrupt access to token listings and related administrative operations by creating tokens with excessively large names. Recommendations: GitLab CE/EE versions prior to 18.1.6 should be updated. GitLab CE/EE versions prior to 18.2.6 should be updated. GitLab CE/EE versions prior to 18.3.2 should be updated.

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 7.8 through 18.1.5 GitLab CE/EE versions 18.2 through 18.2.5 GitLab CE/EE versions 18.3 through 18.3.1 Description: An authenticated user with Developer-level access could cause a persistent denial of service affecting all users on a GitLab instance by uploading large files. Recommendations: Update GitLab CE/EE to version 18.1.6 or later. Update GitLab CE/EE to version 18.2.6 or later. Update GitLab CE/EE to version 18.3.2 or later.

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.0 through 18.1.5 GitLab CE/EE versions 18.2 through 18.2.5 GitLab CE/EE versions 18.3 through 18.3.1 Description: An issue exists in GitLab CE/EE that could allow an authenticated user to disrupt background job processing by submitting specially crafted commit messages, merge request descriptions, or notes. Recommendations: Update GitLab CE/EE to version 18.1.6 or later. Update GitLab CE/EE to version 18.2.6 or later. Update GitLab CE/EE to version 18.3.2 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 17.1 through 17.5 **Description** An issue was discovered in GitLab CE/EE, which allows an attacker with a maintainer role to trigger a pipeline as the project owner under certain circumstances. **Recommendations** For versions 17.1 through 17.5, update to version 17.6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 15.5 through 17.5.5 GitLab CE/EE versions 17.6 through 17.6.3 GitLab CE/EE versions 17.7 through 17.7.1 **Description** An issue was discovered in GitLab CE/EE where unauthorized users could manipulate the status of issues in public projects. **Recommendations** For versions 15.5 through 17.5.5, update to version 17.5.5 or later. For versions 17.6 through 17.6.3, update to version 17.6.3 or later. For versions 17.7 through 17.7.1, update to version 17.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab EE versions 12.5 through 17.2.9 GitLab EE versions 17.3 through 17.3.5 GitLab EE versions 17.4 through 17.4.2 **Description** The issue is related to errors in access control, allowing a remote attacker to run Continuous Integration/Continuous Delivery (CI/CD) pipelines on arbitrary branches of a repository. It is estimated that over 4.1 million services are potentially affected. The vulnerability can be exploited by unauthorized users, posing a significant security risk to IT workflows. **Recommendations** For GitLab EE versions 12.5 through 17.2.9, update to version 17.2.9 or later. For GitLab EE versions 17.3 through 17.3.5, update to version 17.3.5 or later. For GitLab EE versions 17.4 through 17.4.2, update to version 17.4.2 or later. As a temporary workaround, consider restricting access to CI/CD pipelines to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 16.9 prior to 16.9.6 GitLab CE/EE versions 16.10 prior to 16.10.4 GitLab CE/EE versions 16.11 prior to 16.11.1 **Description** The issue is related to incorrect limitation of the path name to a directory with restricted access, which could allow a remote attacker to disclose protected information or cause a denial of service. The vulnerability is associated with path traversal and can lead to restricted file read and denial of service. **Recommendations** For GitLab CE/EE version 16.9 prior to 16.9.6, update to version 16.9.6 or later. For GitLab CE/EE version 16.10 prior to 16.10.4, update to version 16.10.4 or later. For GitLab CE/EE version 16.11 prior to 16.11.1, update to version 16.11.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab EE versions 16.0 through 16.0.5 GitLab EE versions 16.1 through 16.1.0 **Description** A sensitive information leak issue has been discovered, allowing access to titles of private issues and merge requests. **Recommendations** For GitLab EE versions 16.0 through 16.0.5, update to version 16.0.6 or later. For GitLab EE versions 16.1 through 16.1.0, update to version 16.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 13.10 through 15.11.10 GitLab CE/EE versions 16.0 through 16.0.6 GitLab CE/EE versions 16.1 through 16.1.1 **Description** An issue has been discovered in GitLab CE/EE that may allow users to view new commits to private projects in a fork created while the project was public. **Recommendations** For versions 13.10 through 15.11.10, update to version 15.11.10 or later. For versions 16.0 through 16.0.6, update to version 16.0.6 or later. For versions 16.1 through 16.1.1, update to version 16.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab versions 16.0.0 **Description** The issue is related to a path traversal vulnerability that allows an unauthenticated malicious user to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups. This vulnerability can be exploited by a remote attacker to gain unauthorized access to protected information. The vulnerability is caused by incorrect restriction of the path name to a directory with limited access. **Recommendations** For GitLab version 16.0.0, update to version 16.0.1 to resolve the issue. As a temporary workaround, consider restricting access to public projects with attachments nested within at least five groups until the update is applied. Avoid using attachments in public projects until the issue is resolved.