Byst4Nly0N

**Nome do software vulnerável e versões afetadas** Versões 8.2 a 17.1.6 do GitLab CE/EE Versões 17.2 a 17.2.4 do GitLab CE/EE Versões 17.3 a 17.3.1 do GitLab CE/EE **Descrição** Foi descoberta uma vulnerabilidade no GitLab CE/EE que permite que um invasor crie um branch com o mesmo nome de uma tag excluída. **Recomendações** Para as versões 8.2 a 17.1.6, atualize para a versão 17.1.6 ou posterior. Para as versões 17.2 a 17.2.4, atualize para a versão 17.2.4 ou posterior. Para as versões 17.3 a 17.3.1, atualize para a versão 17.3.1 ou posterior.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 16.3 through 16.4.3 GitLab CE/EE versions 16.5 through 16.5.3 GitLab CE/EE versions 16.6 through 16.6.1 **Description** An issue has been discovered in GitLab CE/EE where file integrity may be compromised when specific HTML encoding is used for file names, leading to incorrect representation in the UI. **Recommendations** For versions 16.3 through 16.4.3, update to version 16.4.4 or later. For versions 16.5 through 16.5.3, update to version 16.5.4 or later. For versions 16.6 through 16.6.1, update to version 16.6.2 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions prior to 16.4.4 GitLab CE/EE versions 16.5 through 16.5.3 GitLab CE/EE versions 16.6 through 16.6.1 **Description** An issue has been discovered in GitLab CE/EE that may compromise file integrity when source code or installation packages are pulled from a specific tag. **Recommendations** For versions prior to 16.4.4, update to version 16.4.4 or later. For versions 16.5 through 16.5.3, update to version 16.5.4 or later. For versions 16.6 through 16.6.1, update to version 16.6.2 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab versions prior to 16.0.8 GitLab versions 16.1 prior to 16.1.3 GitLab versions 16.2 prior to 16.2.2 **Description** An issue has been discovered in GitLab where the main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code. **Recommendations** For versions prior to 16.0.8, update to version 16.0.8 or later. For versions 16.1 prior to 16.1.3, update to version 16.1.3 or later. For versions 16.2 prior to 16.2.2, update to version 16.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 8.6 through 15.9.5 GitLab CE/EE versions 15.10.0 through 15.10.4 GitLab CE/EE versions 15.11.0 **Description** An issue has been discovered in GitLab CE/EE where file integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit. **Recommendations** For versions 8.6 through 15.9.5, update to version 15.9.6 or later. For versions 15.10.0 through 15.10.4, update to version 15.10.5 or later. For version 15.11.0, update to version 15.11.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab versions prior to 15.9.6 GitLab versions 15.10 through 15.10.4 GitLab versions 15.11 through 15.11.0 **Description** An issue has been discovered in GitLab where the main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code. Victims who clone or download these repositories will execute arbitrary code on their systems. **Recommendations** For versions prior to 15.9.6, update to version 15.9.6 or later. For versions 15.10 through 15.10.4, update to version 15.10.5 or later. For versions 15.11 through 15.11.0, update to version 15.11.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions prior to 15.6.7 GitLab CE/EE versions 15.7 through 15.7.5 GitLab CE/EE versions 15.8 through 15.8.0 **Description** A Cross Site Request Forgery issue has been discovered in GitLab CE/EE. An attacker could take over a project if an Owner or Maintainer uploads a file to a malicious project. **Recommendations** For versions prior to 15.6.7, update to version 15.6.7 or later. For versions 15.7 through 15.7.5, update to version 15.7.6 or later. For versions 15.8 through 15.8.0, update to version 15.8.1 or later.

**Nome do software vulnerável e versões afetadas** Versões do GitLab CE/EE anteriores à 15.2.5 Versões do GitLab CE/EE 15.3 anteriores à 15.3.4 Versões do GitLab CE/EE 15.4 anteriores à 15.4.1 **Descrição** Um problema de confusão entre nomes de ramificação/tag permite que um invasor manipule páginas onde se esperaria encontrar o conteúdo da ramificação padrão. **Recomendações** Para versões anteriores à 15.2.5, atualize para a versão 15.2.5 ou posterior. Para versões 15.3 anteriores à 15.3.4, atualize para a versão 15.3.4 ou posterior. Para versões 15.4 anteriores à 15.4.1, atualize para a versão 15.4.1 ou posterior.

**Nome do software vulnerável e versões afetadas** GitLab CE/EE (versões afetadas não especificadas) **Descrição** O problema diz respeito à exibição incorreta de arquivos de Snippet contendo caracteres especiais, o que permite que um invasor crie Snippets com conteúdo enganoso. Esse conteúdo enganoso poderia induzir usuários desavisados a executar comandos arbitrários. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.