Yvvdwf

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions prior to 18.9.2 GitLab CE/EE versions 18.9 through 18.9.1 **Description** An unauthenticated user could potentially cause a denial of service by sending specially crafted GraphQL requests. This is due to uncontrolled recursion under specific conditions. **Recommendations** Update GitLab CE/EE to version 18.9.2 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 17.1 through 18.4.6 GitLab CE/EE versions 18.5 through 18.5.4 GitLab CE/EE versions 18.6 through 18.6.2 **Description** An authenticated user could perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability code flow displays. The issue affects GitLab CE/EE. **Recommendations** Update GitLab CE/EE to a version after 18.4.6. Update GitLab CE/EE to a version after 18.5.4. Update GitLab CE/EE to a version after 18.6.2.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 18.4 through 18.4.5 GitLab CE/EE versions 18.5 through 18.5.3 GitLab CE/EE versions 18.6 through 18.6.1 **Description** GitLab CE/EE is affected by an issue where an authenticated user could potentially perform unauthorized actions on behalf of another user. This is possible by creating wiki pages containing malicious content. The issue affects specific conditions within the application. **Recommendations** Update GitLab CE/EE to version 18.4.6 or later. Update GitLab CE/EE to version 18.5.4 or later. Update GitLab CE/EE to version 18.6.2 or later.

**Name of the Vulnerable Software and Affected Versions** graphql-ruby versions 1.11.5 through 1.11.7 graphql-ruby versions 1.12.0 through 1.12.24 graphql-ruby versions 1.13.0 through 1.13.23 graphql-ruby versions 2.0.0 through 2.0.31 graphql-ruby versions 2.1.0 through 2.1.13 graphql-ruby versions 2.2.0 through 2.2.16 graphql-ruby versions 2.3.0 through 2.3.20 **Description** The issue allows remote code execution when loading a crafted GraphQL schema. Any system that loads a schema by JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas via GraphQL introspection. The vulnerability is related to the `GraphQL::Schema.from introspection` and `GraphQL::Schema::Loader.load` functions. **Recommendations** For versions 1.11.5 through 1.11.7, update to version 1.11.8 or later. For versions 1.12.0 through 1.12.24, update to version 1.12.25 or later. For versions 1.13.0 through 1.13.23, update to version 1.13.24 or later. For versions 2.0.0 through 2.0.31, update to version 2.0.32 or later. For versions 2.1.0 through 2.1.13, update to version 2.1.14 or later. For versions 2.2.0 through 2.2.16, update to version 2.2.17 or later. For versions 2.3.0 through 2.3.20, update to version 2.3.21 or later. As a temporary workaround, consider restricting access to the `GraphQL::Schema.from introspection` and `GraphQL::Schema::Loader.load` functions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 8.14 through 17.1.7 GitLab CE/EE versions 17.2 through 17.2.5 GitLab CE/EE versions 17.3 through 17.3.2 **Description** An issue was discovered in GitLab CE/EE that allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances. This is an authentication bypass vulnerability that can be exploited by an attacker to execute pipeline jobs as arbitrary users, posing a severe risk to development environments. The vulnerability is being actively exploited, and it is estimated that millions of users are affected. **Recommendations** For GitLab CE/EE versions 8.14 through 17.1.7, update to version 17.1.7 or later. For GitLab CE/EE versions 17.2 through 17.2.5, update to version 17.2.5 or later. For GitLab CE/EE versions 17.3 through 17.3.2, update to version 17.3.2 or later. As a temporary workaround, consider restricting access to pipeline jobs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 13.7 through 17.1.7 GitLab CE/EE versions 17.2 through 17.2.5 GitLab CE/EE versions 17.3 through 17.3.2 **Description** An issue has been discovered in GitLab CE/EE that may have allowed an attacker with a victim's CI JOB TOKEN to obtain a GitLab session token belonging to the victim. The vulnerability is related to errors in privilege context switching, which could allow a remote attacker to elevate their privileges and gain unauthorized access to protected information. **Recommendations** For GitLab CE/EE versions 13.7 through 17.1.7, update to version 17.1.7 or later. For GitLab CE/EE versions 17.2 through 17.2.5, update to version 17.2.5 or later. For GitLab CE/EE versions 17.3 through 17.3.2, update to version 17.3.2 or later. As a temporary workaround, consider restricting access to CI JOB TOKEN to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GitLab EE versions 16.0 through 17.0.6 GitLab EE versions 17.1 through 17.1.4 GitLab EE versions 17.2 through 17.2.2 **Description** An issue was discovered in GitLab EE which allowed cross project access for Security policy bot. **Recommendations** For GitLab EE versions 16.0 through 17.0.6, update to version 17.0.6 or later. For GitLab EE versions 17.1 through 17.1.4, update to version 17.1.4 or later. For GitLab EE versions 17.2 through 17.2.2, update to version 17.2.2 or later.

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.8 through 16.11.6 GitLab CE/EE versions 17.0 through 17.0.4 GitLab CE/EE versions 17.1 through 17.1.2 Description: An issue was discovered in GitLab CE/EE, which allows an attacker to trigger a pipeline as another user under certain circumstances. This is related to improper access control, allowing an attacker to run pipeline jobs with the rights of any other user. Over 30 million users, including Fortune 100 companies, are potentially affected. The vulnerability enables attackers to impersonate other users and run arbitrary pipeline jobs, posing a significant risk. Recommendations: For GitLab CE/EE versions 15.8 through 16.11.6, update to version 16.11.6 or later. For GitLab CE/EE versions 17.0 through 17.0.4, update to version 17.0.4 or later. For GitLab CE/EE versions 17.1 through 17.1.2, update to version 17.1.2 or later. To update, run the following commands: # For GitLab CE sudo apt-get update sudo apt-get install gitlab-ce=17.1.2-ce.0 # For GitLab EE sudo apt-get update sudo apt-get install gitlab-ee=17.1.2-ee.0 As a temporary workaround, consider restricting access to pipeline jobs to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.9 through 16.11.5 GitLab CE/EE versions 17.0 through 17.0.3 GitLab CE/EE versions 17.1 through 17.1.1 Description: The issue is related to a stored XSS vulnerability that can be imported from a project with malicious commit notes, potentially allowing an attacker to conduct cross-site scripting attacks. This could enable a remote attacker to perform intersite script attacks by exploiting the lack of protection measures for the web page structure. Recommendations: For versions 16.9 through 16.11.5, update to version 16.11.5 or later. For versions 17.0 through 17.0.3, update to version 17.0.3 or later. For versions 17.1 through 17.1.1, update to version 17.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab EE versions 16.11 through 17.0.4 GitLab EE versions 17.1 through 17.1.2 GitLab EE versions 17.2 through 17.2.0 **Description** The issue is related to insufficient authorization procedures in the Setting Handler component of the GitLab platform, which can allow a remote attacker to gain unauthorized access to protected information. Certain project-level analytics settings could be leaked in the DOM to group members with Developer or higher roles. **Recommendations** For GitLab EE versions 16.11 through 17.0.4, update to version 17.0.5 or later. For GitLab EE versions 17.1 through 17.1.2, update to version 17.1.3 or later. For GitLab EE versions 17.2 through 17.2.0, update to version 17.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 16.7 through 16.8.6 GitLab CE/EE versions 16.9 through 16.9.3 GitLab CE/EE versions 16.10 through 16.10.1 **Description** An issue has been discovered in GitLab CE/EE, where using the autocomplete for issues references feature, a crafted payload may lead to a stored XSS, allowing attackers to perform arbitrary actions on behalf of victims. **Recommendations** For versions 16.7 through 16.8.6, update to a version after 16.8.6. For versions 16.9 through 16.9.3, update to version 16.9.4 or later. For versions 16.10 through 16.10.1, update to version 16.10.2 or later.

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.12 GitHub Enterprise Server versions 3.8.0 through 3.8.14 GitHub Enterprise Server versions 3.9.0 through 3.9.9 GitHub Enterprise Server versions 3.10.0 through 3.10.6 GitHub Enterprise Server versions 3.11.0 through 3.11.4 Description: A path traversal vulnerability was identified in GitHub Enterprise Server that allows an attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability was reported via the GitHub Bug Bounty program. Recommendations: For GitHub Enterprise Server versions 3.8.0 through 3.8.14, update to version 3.8.15. For GitHub Enterprise Server versions 3.9.0 through 3.9.9, update to version 3.9.10. For GitHub Enterprise Server versions 3.10.0 through 3.10.6, update to version 3.10.7. For GitHub Enterprise Server versions 3.11.0 through 3.11.4, update to version 3.11.5. For GitHub Enterprise Server versions prior to 3.8.0, update to a fixed version. As a temporary workaround, consider restricting access to the GitHub Pages site to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 13.7 through 16.6.5 GitLab CE/EE versions 16.7 through 16.7.3 GitLab CE/EE versions 16.8 through 16.8.0 **Description** An issue has been discovered in GitLab CE/EE due to improper input sanitization of the `user name`, allowing arbitrary API PUT requests. This could potentially allow a remote attacker to execute arbitrary API PUT requests. **Recommendations** For GitLab CE/EE versions 13.7 through 16.6.5, update to version 16.6.6 or later. For GitLab CE/EE versions 16.7 through 16.7.3, update to version 16.7.4 or later. For GitLab CE/EE versions 16.8 through 16.8.0, update to version 16.8.1 or later. As a temporary workaround, consider restricting access to API endpoints that accept PUT requests until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 12.7 through 16.6.5 GitLab CE/EE versions 16.7 through 16.7.3 GitLab CE/EE versions 16.8 through 16.8.0 **Description** An issue has been discovered in GitLab CE/EE, where it is possible for an attacker to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input. This is related to the use of a regular expression with inefficient computational complexity. The exploitation of this issue may allow a remote attacker to cause a denial of service. **Recommendations** For GitLab CE/EE versions 12.7 through 16.6.5, update to version 16.6.6 or later. For GitLab CE/EE versions 16.7 through 16.7.3, update to version 16.7.4 or later. For GitLab CE/EE versions 16.8 through 16.8.0, update to version 16.8.1 or later. As a temporary workaround, consider restricting access to `Cargo.toml` files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions prior to 3.7.19 GitHub Enterprise Server versions prior to 3.8.12 GitHub Enterprise Server versions prior to 3.9.7 GitHub Enterprise Server versions prior to 3.10.4 GitHub Enterprise Server versions prior to 3.11.1 **Description** A path traversal issue was identified that allowed arbitrary file reading when building a GitHub Pages site. An attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance to exploit this issue. This issue was reported via the GitHub Bug Bounty program. **Recommendations** For GitHub Enterprise Server versions prior to 3.7.19, update to version 3.7.19 or later. For GitHub Enterprise Server versions prior to 3.8.12, update to version 3.8.12 or later. For GitHub Enterprise Server versions prior to 3.9.7, update to version 3.9.7 or later. For GitHub Enterprise Server versions prior to 3.10.4, update to version 3.10.4 or later. For GitHub Enterprise Server versions prior to 3.11.1, update to version 3.11.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions prior to 16.8.5 GitLab CE/EE versions 16.9 through 16.9.2 GitLab CE/EE versions 16.10 through 16.10.0 **Description** An issue has been discovered in GitLab CE/EE, where a wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary actions on behalf of victims. The vulnerability exists due to inadequate protection of the web page structure. Exploitation of the vulnerability may allow a remote attacker to conduct an inter-site scripting (XSS) attack. **Recommendations** For GitLab CE/EE versions prior to 16.8.5, update to version 16.8.5 or later. For GitLab CE/EE versions 16.9 through 16.9.2, update to version 16.9.3 or later. For GitLab CE/EE versions 16.10 through 16.10.0, update to version 16.10.1 or later. As a temporary workaround, consider restricting access to wiki pages with crafted payloads to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions prior to 3.8 **Description** A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability was reported via the GitHub Bug Bounty program. **Recommendations** For versions prior to 3.7.7, update to version 3.7.7 or later. For versions prior to 3.6.10, update to version 3.6.10 or later. For versions prior to 3.5.14, update to version 3.5.14 or later. For versions prior to 3.4.17, update to version 3.4.17 or later. As a temporary workaround, consider restricting access to GitHub Pages site creation and build functionality until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions 3.7 through 3.7.5 **Description** A path traversal issue was identified that allows arbitrary file reading when building a GitHub Pages site. To exploit this, an attacker needs permission to create and build a GitHub Pages site on the instance. The issue was reported via the GitHub Bug Bounty program. **Recommendations** For GitHub Enterprise Server versions 3.7 through 3.7.5, update to version 3.7.6 to resolve the issue. As a temporary workaround, consider restricting permissions to create and build GitHub Pages sites on the GitHub Enterprise Server instance until the update is applied.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server version 3.7.0 **Description** An improper limitation of a pathname to a restricted directory was identified, enabling remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content, preventing an arbitrary file overwrite bug. This issue was reported via the GitHub Bug Bounty program. **Recommendations** For version 3.7.0, update to version 3.7.1 to resolve the issue. As a temporary workaround, consider ensuring the working directory is clean before unpacking new content to prevent arbitrary file overwrites.

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions prior to 3.3.17 GitHub Enterprise Server versions prior to 3.4.12 GitHub Enterprise Server versions prior to 3.5.9 GitHub Enterprise Server versions prior to 3.6.5 GitHub Enterprise Server versions prior to 3.7.2 **Description** A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was reported via the GitHub Bug Bounty program. **Recommendations** For versions prior to 3.3.17, update to version 3.3.17 or later. For versions prior to 3.4.12, update to version 3.4.12 or later. For versions prior to 3.5.9, update to version 3.5.9 or later. For versions prior to 3.6.5, update to version 3.6.5 or later. For versions prior to 3.7.2, update to version 3.7.2 or later.