PT-2023-9613 · Gitlab · Gitlab Ce/Ee+1

Samuellgon · Published 2023-06-28 · Updated 2024-12-12 · CVE-2023-3441

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GitLab EE/CE versions 8.0 through 16.3

Description

The issue concerns the insufficient warning about security implications of granting merge rights to protected branches in GitLab EE/CE. This could potentially lead to exposure of sensitive information due to incompatible policies, resulting in a data leak. The vulnerability is related to inadequate protection of service data, which may allow a remote attacker to access, modify, or delete data.

Recommendations

For GitLab EE/CE versions 8.0 through 16.3, upgrade the affected component to a version that includes the necessary security fixes to mitigate the risk of data exposure due to insufficient warnings about merge rights to protected branches.

Exploit

Fix

Weakness Enumeration

Related identifiers

BDU:2024-08775
BIT-GITLAB-2023-3441
CVE-2023-3441

Affected products

Gitlab
Gitlab Ce/Ee