Shells3Con

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 16.9 through 17.4.5 GitLab CE/EE versions 17.5 through 17.5.3 GitLab CE/EE versions 17.6 through 17.6.1 **Description** An issue has been discovered in GitLab CE/EE, where an unauthorized user can retrieve branch names by using a specific GraphQL query under specific conditions. This is related to a lack of authorization in the GraphQL Query Handler component. The exploitation of this issue may allow a remote attacker to access confidential information. **Recommendations** For GitLab CE/EE versions 16.9 through 17.4.5, update to version 17.4.6 or later. For GitLab CE/EE versions 17.5 through 17.5.3, update to version 17.5.4 or later. For GitLab CE/EE versions 17.6 through 17.6.1, update to version 17.6.2 or later. As a temporary workaround, consider restricting access to the GraphQL query endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GitLab versions prior to 16.4.3 GitLab versions 16.5 through 16.5.3 GitLab versions 16.6 through 16.6.1 **Description** An issue has been discovered in GitLab that allows a malicious actor to bypass prohibited branch checks using a specially crafted branch name, which can be used to manipulate repository content in the UI. **Recommendations** For versions prior to 16.4.3, update to version 16.4.3 or later. For versions 16.5 through 16.5.3, update to version 16.5.3 or later. For versions 16.6 through 16.6.1, update to version 16.6.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab versions 16.2 through 16.2.7 GitLab versions 16.3 through 16.3.4 GitLab versions 16.4 through 16.4.0 **Description** An issue has been discovered in GitLab, allowing an attacker to read the source code of a project through a fork created before changing visibility to only project members. **Recommendations** For GitLab versions 16.2 through 16.2.7, update to version 16.2.8 or later. For GitLab versions 16.3 through 16.3.4, update to version 16.3.5 or later. For GitLab versions 16.4 through 16.4.0, update to version 16.4.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab versions 12.9 through 16.0.7 GitLab versions 16.1 through 16.1.2 GitLab versions 16.2 through 16.2.1 **Description** An issue has been discovered in GitLab where it was possible to leak a user's email via an error message for groups that restrict membership by email domain. **Recommendations** For versions 12.9 through 16.0.7, update to version 16.0.8 or later. For versions 16.1 through 16.1.2, update to version 16.1.3 or later. For versions 16.2 through 16.2.1, update to version 16.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab versions 13.11 through 15.8.4 GitLab versions 15.9 through 15.9.3 GitLab versions 15.10 through 15.10.0 **Description** An issue has been discovered in GitLab where a project member demoted to a user role could read project updates by doing a diff with a pre-existing fork. **Recommendations** For versions 13.11 through 15.8.4, update to version 15.8.5 or later. For versions 15.9 through 15.9.3, update to version 15.9.4 or later. For versions 15.10 through 15.10.0, update to version 15.10.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab versions 11.10 through 15.8.4 GitLab versions 15.9 through 15.9.3 GitLab versions 15.10 through 15.10.0 **Description** An issue has been discovered in GitLab that allows an attacker to disclose branch names when they have a fork of a project that was switched to private. **Recommendations** For versions 11.10 through 15.8.4, update to version 15.8.5 or later. For versions 15.9 through 15.9.3, update to version 15.9.4 or later. For versions 15.10 through 15.10.0, update to version 15.10.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 13.7 through 14.10.4 GitLab CE/EE versions 15.0 through 15.0.3 GitLab CE/EE versions 15.1 through 15.1.0 **Description** An improper authorization issue in GitLab CE/EE allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of. **Recommendations** For versions 13.7 through 14.10.4, update to version 14.10.5 or later. For versions 15.0 through 15.0.3, update to version 15.0.4 or later. For versions 15.1 through 15.1.0, update to version 15.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 8.12 through 14.8.6 GitLab CE/EE versions 14.9 through 14.9.4 GitLab CE/EE versions 14.10 through 14.10.1 **Description** The issue is related to improper access control in GitLab CE/EE, allowing non-project members to access the contents of Project Members-only Wikis. This is possible through malicious CI jobs. **Recommendations** For versions 8.12 through 14.8.6, update to version 14.8.6 or later. For versions 14.9 through 14.9.4, update to version 14.9.4 or later. For versions 14.10 through 14.10.1, update to version 14.10.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 13.7 through 14.0.8 GitLab CE/EE versions 14.1 through 14.1.3 GitLab CE/EE versions 14.2 through 14.2.1 **Description** The issue is related to a stored Cross-Site Scripting vulnerability in the DataDog integration of GitLab. This vulnerability is associated with insufficient protection of the `api keys url` web page structure. An attacker can exploit this vulnerability to conduct cross-site scripting attacks, allowing them to execute arbitrary JavaScript code on the victim's behalf. **Recommendations** For GitLab CE/EE versions 13.7 through 14.0.8, update to version 14.0.9 or later. For GitLab CE/EE versions 14.1 through 14.1.3, update to version 14.1.4 or later. For GitLab CE/EE versions 14.2 through 14.2.1, update to version 14.2.2 or later. As a temporary workaround, consider restricting access to the DataDog integration until a patch is applied.