Ricardobrito

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 16.7 through 17.0.4 GitLab CE/EE versions 17.1 through 17.1.2 GitLab CE/EE versions 17.2 through 17.2.0 **Description** The issue is related to insufficient authorization procedures in GitLab, allowing a remote attacker to gain unauthorized access to protected information. Specifically, an information disclosure vulnerability can expose job artifacts to users without the proper authorization level. **Recommendations** For GitLab CE/EE versions 16.7 through 17.0.4, update to version 17.0.5 or later. For GitLab CE/EE versions 17.1 through 17.1.2, update to version 17.1.3 or later. For GitLab CE/EE versions 17.2 through 17.2.0, update to version 17.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab versions 16.2 through 16.2.7 GitLab versions 16.3 through 16.3.4 GitLab versions 16.4 through 16.4.0 **Description** An issue has been discovered in GitLab where users were capable of linking CI/CD jobs of private projects which they are not a member of. **Recommendations** For GitLab versions 16.2 through 16.2.7, update to version 16.2.8 or later. For GitLab versions 16.3 through 16.3.4, update to version 16.3.5 or later. For GitLab versions 16.4 through 16.4.0, update to version 16.4.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 13.7 through 15.11.10 GitLab CE/EE versions 16.0 through 16.0.6 GitLab CE/EE versions 16.1 through 16.1.1 **Description** An issue has been discovered in GitLab CE/EE, which allows an attacker to leak the email address of a user who created a service desk issue. **Recommendations** For versions 13.7 through 15.11.10, update to version 15.11.10 or later. For versions 16.0 through 16.0.6, update to version 16.0.6 or later. For versions 16.1 through 16.1.1, update to version 16.1.1 or later.