A medium-severity vulnerability, CVE-2024-8650, was detected in GitLab CE/EE. It affects versions from 15.0 up to but not including 17.4.6, from 17.5 up to but not including 17.5.4, and from 17.6 up to but not including 17.6.2. The vulnerability allows non-member users to view unresolved threads marked as internal notes in public projects’ merge requests. To address this issue, update GitLab CE/EE to version 17.4.6, 17.5.4, or 17.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8650.
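To check an inventory of GitLab instances against the affected ranges stated above, the following added example (not GitLab's own code) treats each range as a half-open interval and reports the fixed release for that branch. The function names, hostnames and sample version strings are constructed for illustration.

```python
import re

# Affected ranges for CVE-2024-8650 as stated in the advisory text:
# (first affected version, inclusive; first fixed version, exclusive).
AFFECTED_RANGES = [
    ((15, 0, 0), (17, 4, 6)),
    ((17, 5, 0), (17, 5, 4)),
    ((17, 6, 0), (17, 6, 2)),
]

# Accepts "17.5.3", "v17.5.3", "17.5.3-ee" and two-part "17.5".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?$")


def parse_version(text):
    """Return (major, minor, patch); a missing patch level counts as 0."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def fixed_version_for(text):
    """Return the fixed release for an affected version, or None if unaffected."""
    version = parse_version(text)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= version < first_fixed:
            return ".".join(str(part) for part in first_fixed)
    return None


def audit(inventory):
    """Map each affected hostname to the fixed release it needs."""
    targets = {host: fixed_version_for(ver) for host, ver in inventory.items()}
    return {host: fix for host, fix in targets.items() if fix is not None}


if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are sample values.
    sample = {
        "gitlab-a.example.internal": "16.11.2-ee",
        "gitlab-b.example.internal": "17.5.4",
        "gitlab-c.example.internal": "v17.6.1",
        "gitlab-d.example.internal": "14.10.5",
    }
    for host, target in sorted(audit(sample).items()):
        print(f"{host}: affected by CVE-2024-8650, fixed in {target}")
```
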