Bypassing Push Rules via Email Merge Requests in GitLab

Bypassing Push Rules via Email Merge Requests in GitLab

CVE-2019-15723 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations.

Learn more about our Web Application Penetration Testing UK.