Ricardo Brito

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 11.11 through 16.10.6 GitLab CE/EE versions 16.11 through 16.11.3 GitLab CE/EE versions 17.0 through 17.0.1 **Description** An issue has been discovered in GitLab CE/EE where a Guest user can view dependency lists of private projects through job artifacts. **Recommendations** For versions 11.11 through 16.10.6, update to version 16.10.6 or later to resolve the issue. For versions 16.11 through 16.11.3, update to version 16.11.3 or later to resolve the issue. For versions 17.0 through 17.0.1, update to version 17.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to job artifacts for Guest users until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GitLab versions 16.2 through 16.2.4 GitLab versions 16.3 through 16.3.0 **Description** An issue has been discovered in GitLab due to improper permission validation, making it possible to create model experiments in public projects. **Recommendations** For GitLab versions 16.2 through 16.2.4, update to version 16.2.5 or later. For GitLab versions 16.3 through 16.3.0, update to version 16.3.1 or later.