Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab versions before 14.1.2.
Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab versions before 14.1.2.
https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/#perform-git-actions-with-an-impersonation-token-even-if-impersonation-is-disabled