Byst4Nly0N

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 8.2 through 17.1.6 GitLab CE/EE versions 17.2 through 17.2.4 GitLab CE/EE versions 17.3 through 17.3.1 **Description** An issue was discovered in GitLab CE/EE, which allows an attacker to create a branch with the same name as a deleted tag. **Recommendations** For versions 8.2 through 17.1.6, update to version 17.1.6 or later. For versions 17.2 through 17.2.4, update to version 17.2.4 or later. For versions 17.3 through 17.3.1, update to version 17.3.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 16.3 through 16.4.3 GitLab CE/EE versions 16.5 through 16.5.3 GitLab CE/EE versions 16.6 through 16.6.1 **Description** An issue has been discovered in GitLab CE/EE where file integrity may be compromised when specific HTML encoding is used for file names, leading to incorrect representation in the UI. **Recommendations** For versions 16.3 through 16.4.3, update to version 16.4.4 or later. For versions 16.5 through 16.5.3, update to version 16.5.4 or later. For versions 16.6 through 16.6.1, update to version 16.6.2 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions prior to 16.4.4 GitLab CE/EE versions 16.5 through 16.5.3 GitLab CE/EE versions 16.6 through 16.6.1 **Description** An issue has been discovered in GitLab CE/EE that may compromise file integrity when source code or installation packages are pulled from a specific tag. **Recommendations** For versions prior to 16.4.4, update to version 16.4.4 or later. For versions 16.5 through 16.5.3, update to version 16.5.4 or later. For versions 16.6 through 16.6.1, update to version 16.6.2 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab versions prior to 16.0.8 GitLab versions 16.1 prior to 16.1.3 GitLab versions 16.2 prior to 16.2.2 **Description** An issue has been discovered in GitLab where the main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code. **Recommendations** For versions prior to 16.0.8, update to version 16.0.8 or later. For versions 16.1 prior to 16.1.3, update to version 16.1.3 or later. For versions 16.2 prior to 16.2.2, update to version 16.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 8.6 through 15.9.5 GitLab CE/EE versions 15.10.0 through 15.10.4 GitLab CE/EE versions 15.11.0 **Description** An issue has been discovered in GitLab CE/EE where file integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit. **Recommendations** For versions 8.6 through 15.9.5, update to version 15.9.6 or later. For versions 15.10.0 through 15.10.4, update to version 15.10.5 or later. For version 15.11.0, update to version 15.11.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab versions prior to 15.9.6 GitLab versions 15.10 through 15.10.4 GitLab versions 15.11 through 15.11.0 **Description** An issue has been discovered in GitLab where the main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code. Victims who clone or download these repositories will execute arbitrary code on their systems. **Recommendations** For versions prior to 15.9.6, update to version 15.9.6 or later. For versions 15.10 through 15.10.4, update to version 15.10.5 or later. For versions 15.11 through 15.11.0, update to version 15.11.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions prior to 15.6.7 GitLab CE/EE versions 15.7 through 15.7.5 GitLab CE/EE versions 15.8 through 15.8.0 **Description** A Cross Site Request Forgery issue has been discovered in GitLab CE/EE. An attacker could take over a project if an Owner or Maintainer uploads a file to a malicious project. **Recommendations** For versions prior to 15.6.7, update to version 15.6.7 or later. For versions 15.7 through 15.7.5, update to version 15.7.6 or later. For versions 15.8 through 15.8.0, update to version 15.8.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions prior to 15.2.5 GitLab CE/EE versions 15.3 prior to 15.3.4 GitLab CE/EE versions 15.4 prior to 15.4.1 **Description** A branch/tag name confusion issue allows an attacker to manipulate pages where the content of the default branch would be expected. **Recommendations** For versions prior to 15.2.5, update to version 15.2.5 or later. For versions 15.3 prior to 15.3.4, update to version 15.3.4 or later. For versions 15.4 prior to 15.4.1, update to version 15.4.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE (affected versions not specified) **Description** The issue concerns the inaccurate display of Snippet files containing special characters, which allows an attacker to create Snippets with misleading content. This misleading content could trick unsuspecting users into executing arbitrary commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.