GitLab · GitLab CE/EE · CVE-2024-8650
**Name of the Vulnerable Software and Affected Versions**
GitLab CE/EE versions 15.0 through 17.4.5
GitLab CE/EE versions 17.5 through 17.5.3
GitLab CE/EE versions 17.6 through 17.6.1
**Description**
The issue is caused by insufficient authorization checks in the Public Project Handler component of GitLab, which allow remote attackers to access protected information. Specifically, non-member users can view unresolved threads marked as internal notes in merge requests of public projects.
**Recommendations**
For GitLab CE/EE versions 15.0 through 17.4.5, update to version 17.4.6 or later.
For GitLab CE/EE versions 17.5 through 17.5.3, update to version 17.5.4 or later.
For GitLab CE/EE versions 17.6 through 17.6.1, update to version 17.6.2 or later.