Improper Access Control in GitLab Allows Demoted Project Members to Access Authored Merge Request Details
CVE-2021-22176 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests
Learn more about our Web Application Penetration Testing UK.