GitLab has released important security fixes for versions 16.7.2, 16.6.4, and 16.5.6 for GitLab Community Edition (CE) and Enterprise Edition (EE). The fixes include multiple bugs, including a critical account takeover vulnerability that does not require user interaction.
However, other fixes were approval and removal bypass from CODEOWNERS, execution of slash commands by abusing Slack/Mattermost integrations, new workspace creation under different root namespaces, and a commit signature validation ignore.
https://cybersecuritynews.com/5379-gitlab-servers/