GitLab · GitLab CE/EE · CVE-2023-3441
**Name of the Vulnerable Software and Affected Versions**
GitLab EE/CE versions 8.0 through 16.3
**Description**
GitLab EE/CE gives insufficient warning about the security implications of granting merge rights to protected branches. Because of incompatible policies, this could expose sensitive information and result in a data leak. The vulnerability is related to inadequate protection of service data, which may allow a remote attacker to access, modify, or delete data.
**Recommendations**
Upgrade GitLab EE/CE installations running versions 8.0 through 16.3 to a version that includes the necessary security fixes. This mitigates the risk of data exposure caused by insufficient warnings about merge rights to protected branches.