Improper Access Control in GitLab Allows Demoted Project Members to Access Authored Merge Request Details

Improper Access Control in GitLab Allows Demoted Project Members to Access Authored Merge Request Details

CVE-2021-22176 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests

Learn more about our Web Application Penetration Testing UK.