diff options
| author | Charlie Ablett <cablett@gitlab.com> | 2019-10-29 15:58:26 +0000 |
|---|---|---|
| committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-10-29 15:58:26 +0000 |
| commit | d40b79021dc1f1ad95e608e17cac69a4390c9cf9 (patch) | |
| tree | 2c5da480a8244ac146e5718dcc4e376fe08bdf18 /changelogs | |
| parent | 771f3fb9aae6129f5e6209e2f77e996e4562f176 (diff) | |
| download | gitlab-ce-d40b79021dc1f1ad95e608e17cac69a4390c9cf9.tar.gz | |
Improper access control allows the attacker to comment in internal commit after they are no longer admin
Diffstat (limited to 'changelogs')
| -rw-r--r-- | changelogs/unreleased/security-65756-ex-admin-attacker-can-comment-in-internal.yml | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/changelogs/unreleased/security-65756-ex-admin-attacker-can-comment-in-internal.yml b/changelogs/unreleased/security-65756-ex-admin-attacker-can-comment-in-internal.yml new file mode 100644 index 00000000000..3d9f480ba11 --- /dev/null +++ b/changelogs/unreleased/security-65756-ex-admin-attacker-can-comment-in-internal.yml @@ -0,0 +1,5 @@ +--- +title: Disallow unprivileged users from commenting on private repository commits +merge_request: +author: +type: security |