
Them4Les_L1Ron

#51946 of 53,632
4.3 Total CVSS
Vulnerabilities · 1
PT-2024-1870
4.3
2024-01-24
GitLab · GitLab CE/EE · CVE-2024-0861
**Name of the Vulnerable Software and Affected Versions**

- GitLab EE versions 16.4 through 16.7.5
- GitLab EE versions 16.8 through 16.8.2
- GitLab EE versions 16.9 through 16.9.0

**Description**

An issue has been discovered in GitLab EE, where users with the `Guest` role can change `Custom dashboard projects` settings contrary to their permissions. This is related to deficiencies in the authorization procedure, which can be exploited by a remote attacker to modify the custom dashboard projects settings.

**Recommendations**

- For GitLab EE versions 16.4 through 16.7.5, update to version 16.7.6 or later.
- For GitLab EE versions 16.8 through 16.8.2, update to version 16.8.3 or later.
- For GitLab EE versions 16.9 through 16.9.0, update to version 16.9.1 or later.

As a temporary workaround, consider restricting the `Guest` role's access to the `Custom dashboard projects` settings until a patch is available.