Rpadovani

**Name of the Vulnerable Software and Affected Versions** GitLab EE/CE versions 10.8 through 12.9 **Description** The issue is related to the leakage of metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page. **Recommendations** For GitLab EE/CE versions 10.8 through 12.9, update to a version that contains a fix for this issue to prevent metadata and comments leakage.

**Name of the Vulnerable Software and Affected Versions** GitLab versions 12.2 through 12.8.1 **Description** A denial of service issue was found, impacting the designs for public issues. **Recommendations** For GitLab versions 12.2 through 12.8.1, update to a version that contains a fix for this issue to prevent denial of service attacks.

Name of the Vulnerable Software and Affected Versions: GitLab Enterprise Edition and Community Edition versions 1.10 through 12.0.2 Description: An issue was discovered in the GitLab graphql service, which was vulnerable to multiple authorization issues. These issues disclosed restricted user, group, and repository metadata to unauthorized users due to Incorrect Access Control. Recommendations: For versions 1.10 through 12.0.2, update to a version that includes the fix for the authorization issues in the GitLab graphql service to prevent disclosure of restricted metadata to unauthorized users.

**Name of the Vulnerable Software and Affected Versions** GitLab EE versions 8.8 through 12.7.2 **Description** The issue concerns insecure permissions in GitLab EE. **Recommendations** For GitLab EE versions 8.8 through 12.7.2, update to a version later than 12.7.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GitLab versions prior to 12.7.3 **Description** The issue allows for cross-site scripting (XSS), which is a type of attack where an attacker can inject malicious scripts into a website. **Recommendations** For versions prior to 12.7.3, update to version 12.7.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 12.3.5 GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 12.2.8 GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 12.1.14 **Description** An access control issue exists where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration. **Recommendations** For versions prior to 12.3.5, update to version 12.3.5 or later to resolve the issue. For versions prior to 12.2.8, update to version 12.2.8 or later to resolve the issue. For versions prior to 12.1.14, update to version 12.1.14 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Gitlab EE versions prior to 12.3.3 Gitlab EE versions prior to 12.2.7 Gitlab EE versions prior to 12.1.13 **Description** An issue exists that allows the group search feature with Elasticsearch to return private code, merge requests, and commits due to improper access control. **Recommendations** For versions prior to 12.3.3, update to version 12.3.3 or later. For versions prior to 12.2.7, update to version 12.2.7 or later. For versions prior to 12.1.13, update to version 12.1.13 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab Community and Enterprise Edition versions 9.x through 11.7.x GitLab Community and Enterprise Edition versions 11.6.x through 11.6.5 GitLab Community and Enterprise Edition versions 11.7.x through 11.7.0 GitLab Community and Enterprise Edition version 11.5.7 and earlier **Description** The issue is related to incorrect access control. A user retains their role within a project in a private group after being removed from the group, if their privileges within the project are different from the group. **Recommendations** For GitLab Community and Enterprise Edition versions 9.x through 11.5.7, update to version 11.5.8 or later. For GitLab Community and Enterprise Edition versions 11.6.x through 11.6.5, update to version 11.6.6 or later. For GitLab Community and Enterprise Edition versions 11.7.x through 11.7.0, update to version 11.7.1 or later.