An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Dependency Proxy, under certain circumstances, can impersonate a user resulting in possibly incorrect access handling.
{ "cpes": [ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" ], "severity": "Low" }