First published: Thu Feb 08 2024
An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or merge to protected branches.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | =16.4.3 | |
GitLab GitLab | =16.5.3 | |
GitLab GitLab | =16.6.1 | Upgrade to version 16.4.4, 16.5.4 or 16.6.2 |