Execute environment stop actions as the owner of the stop action job
Prevent code injection in Product Analytics funnels YAML
SSRF via Dependency Proxy
Denial of Service via sending a large glm_source parameter
CI_JOB_TOKEN can be used to obtain GitLab session token
Variables from settings are not overwritten by PEP if a template is included
Guests can disclose the full source code of projects using custom group-level templates
IdentitiesController allows linking of arbitrary unclaimed provider identities
Open redirect in repo/tree/:id endpoint can lead to account takeover through broken OAuth flow
Open redirect in release permanent links can lead to account takeover through broken OAuth flow
Guest user with Admin group member permission can edit custom role to gain other permissions
Exposure of protected and masked CI/CD variables by abusing on-demand DAST
Credentials disclosed when repository mirroring fails
Commit information visible through release atom endpoint for guest users
Dependency Proxy Credentials are Logged in Plaintext in graphql Logs
User Application can spoof the redirect url
Group Developers can view group runners information