CVE-2024-6502 Information

Description

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6 starting from 17.2 prior to 17.2.4 and starting from 17.3 prior to 17.3.1 which allows an attacker to create a branch with the same name as a deleted tag.

Reference

https://gitlab.com/gitlab-org/gitlab/-/issues/470647 https://hackerone.com/reports/2574561