GitLab released a security update to address a weaponized vulnerability in GitLab CE and EE. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.