Description
An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9; >=13.4, <13.4.5; and >=13.5, <13.5.2.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
- Confidentiality: None
- Integrity: High
- Availability: None
Affected products
- gitlab / GitLab EE: >=10.2, <13.3.9
- gitlab / GitLab EE: >=13.4, <13.4.5
- gitlab / GitLab EE: >=13.5, <13.5.2
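
A version check against the three affected ranges listed above, as an added example that is not part of the original advisory or of GitLab's code. The host names and versions in the sample inventory are constructed, and the script assumes every instance listed runs GitLab EE; any suffix after the numeric version (such as -ee) is ignored.

```python
import re

# Ranges copied from the advisory: (first affected, first fixed), GitLab EE only.
AFFECTED_RANGES = [
    ((10, 2, 0), (13, 3, 9)),
    ((13, 4, 0), (13, 4, 5)),
    ((13, 5, 0), (13, 5, 2)),
]

# Accepts "13.4.3", "13.4", "v13.4.3" and suffixed forms such as "13.4.3-ee".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?$")


def parse_version(text):
    """Turn a version string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    # A missing patch component is treated as 0.
    return tuple(int(p) if p else 0 for p in m.groups())


def first_fixed_release(version_text):
    """Return the fixed release for this version's range, or None if unaffected."""
    version = parse_version(version_text)
    for low, fixed in AFFECTED_RANGES:
        if low <= version < fixed:
            return ".".join(map(str, fixed))
    return None


def audit(inventory):
    """Map each affected instance name to the release it must reach."""
    findings = {}
    for name, version_text in inventory.items():
        target = first_fixed_release(version_text)
        if target is not None:
            findings[name] = target
    return findings


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {
    "gitlab-prod": "13.4.4-ee",
    "gitlab-staging": "13.5.2-ee",
    "gitlab-legacy": "v12.10.14-ee",
    "gitlab-old": "10.1.6-ee",
    "gitlab-dr": "13.3.9-ee",
}

if __name__ == "__main__":
    for host, target in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: affected, upgrade to >= {target}")
```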