Improper Enforcement of Behavioral Workflow in GitLab

An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict.

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

行为工作流的不恰当实施

GitLab 访问控制错误漏洞

GitLab是美国GitLab公司的一个开源的端到端软件开发平台，具有内置的版本控制、问题跟踪、代码审查、CI/CD（持续集成和持续交付）等功能。 GitLab 存在访问控制错误漏洞，该漏洞源于开发人员可以通过创建合并冲突来绕过 CODEOWNERS 批准。

N/A

N/A