| Severity | |
| Remote | |
| Type | Access restriction bypass |
| Description | A security issue has been found in gitlab versions prior to 11.4.3, where the protected_branches API was vulnerable to an issue which allowed an unauthorized user to remove the merge_access_levels and push_access_levels objects. This could result in the inability of project participants to push or merge into the branch. |
| References | https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/ |
| Notes | Only affects Enterprise Edition, not for us. |