CVE-2023-6564 Information

Description

An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3 16.5.3 and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches there may have been instances in which subgroup members with the Developer role were able to push or merge to protected branches.

Reference

https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17213