The Jihu

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 13.0 through 15.0.5 GitLab CE/EE versions 15.1 through 15.1.4 GitLab CE/EE versions 15.2 through 15.2.1 **Description** The issue is related to a lack of cascading deletes, allowing a malicious Group Owner to retain a usable Group Access Token even after the Group is deleted. Although the APIs usable by that token are limited, this still poses a risk. **Recommendations** For GitLab CE/EE versions 13.0 through 15.0.5, update to version 15.0.5 or later. For GitLab CE/EE versions 15.1 through 15.1.4, update to version 15.1.4 or later. For GitLab CE/EE versions 15.2 through 15.2.1, update to version 15.2.1 or later.