Wi11

**Name of the Vulnerable Software and Affected Versions** Gitlab CE/EE versions 12.7 through 14.5.4 Gitlab CE/EE versions 14.6 through 14.6.4 Gitlab CE/EE versions 14.7 through 14.7.1 **Description** The issue is related to improper access control, allowing project non-members to retrieve issue details when it is linked to an item from the vulnerability dashboard. **Recommendations** For versions 12.7 through 14.5.4, update to a version outside of this range to resolve the issue. For versions 14.6 through 14.6.4, update to a version outside of this range to resolve the issue. For versions 14.7 through 14.7.1, update to a version outside of this range to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GitLab EE versions 11.1 through 14.3.5 GitLab EE versions 14.4 through 14.4.3 GitLab EE versions 14.5 through 14.5.1 **Description** The issue allows a user to add comments to a vulnerability that they cannot access due to incorrect authorization. **Recommendations** For versions 11.1 through 14.3.5, update to version 14.3.6 or later. For versions 14.4 through 14.4.3, update to version 14.4.4 or later. For versions 14.5 through 14.5.1, update to version 14.5.2 or later.