Multiple issues have been discovered in GitLab CE/EE, affecting various versions. A vulnerability in all versions from 12.2 to 16.5.6, 16.6 to 16.6.4, and 16.7 to 16.7.2 allows attackers to potentially modify signed commit metadata. Another issue in GitLab EE, from versions 15.3 to 16.5.6, 16.6 to 16.6.4, and 16.7 to 16.7.2, permits bypassing required CODEOWNERS approval by adding changes to an approved merge request. Incorrect authorization checks from versions 8.13 to 16.5.6, 16.6 to 16.6.4, and 16.7 to 16.7.2 enable abuse of slack/mattermost integrations to execute slash commands as another user. An improper access control vulnerability in GitLab Remote Development, affecting all versions before 16.5.6, 16.6 to 16.6.4, and 16.7 to 16.7.2, allows attackers to create a workspace in one group associated with an agent from another group. Additionally, in versions 16.1 to 16.7.2, user account password reset emails could be sent to unverified email addresses.