We have a self hosted Gitlab in a docker container which running version is CE 16.7.7. Nowadays Gitlab publicated the CVE-2023-6371 vulnerability. We checked more sites, but not clearly for us that the 16.7.7 version is affected in CVE-2023-6371. The descibrition wrote “An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1.” We think the 16.7.7 is affected, but some sites said not clearly this.
So, we must to upgrade 16.8.5 that we mitigate this vulnerability?
Since 16.7.7 is before 16.8.5, then it’s pretty clear it’s affected. It doesn’t say like in the other examples, all versions from 16.8. So means everything before 16.8.5
That would mitigate this vulnerability, but unless you have a very good reason to avoid going to 16.10.1 it would (a lot) better to do so, that is maintained for two months more than 16.8.5.