Rodrigo Tomonari

**Name of the Vulnerable Software and Affected Versions** GitLab versions 10.6 through 16.1.5 GitLab versions 16.2 through 16.2.5 GitLab versions 16.3 through 16.3.1 **Description** An issue has been discovered in GitLab where any user can read limited information about any project's imports. **Recommendations** For GitLab versions 10.6 through 16.1.5, update to version 16.1.5 or later. For GitLab versions 16.2 through 16.2.5, update to version 16.2.5 or later. For GitLab versions 16.3 through 16.3.1, update to version 16.3.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 16.0 through 16.0.5 GitLab CE/EE version 16.1.0 **Description** An information disclosure issue in GitLab CE/EE allows unauthenticated actors to access the import error information if a project was imported from GitHub. **Recommendations** For GitLab CE/EE versions 16.0 through 16.0.5, update to version 16.0.6 or later. For GitLab CE/EE version 16.1.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to project import error information until a patch is available.