08dbd93bd6
This validates the correct abilities for both projects. Only `read_project` isn't enough: For the `source_project` we validate `create_merge_request_from`; this also validates that the user has developer access to the project. For the `target_project` we validate `create_merge_request_in`; this also validates that the user has access to the project's repository. To avoid generating diffs for unrelated projects, we also validate that the projects are in the same fork network now.
5 lines
132 B
YAML
---
title: Don't expose cross project repositories through diffs when creating merge reqeusts
merge_request:
author:
type: security
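Review bot: the `title:` line spells "requests" as "reqeusts" ("when creating merge reqeusts"); correct it to "merge requests" so the entry reads cleanly. The `merge_request:` and `author:` keys are also left empty; if that is deliberate for a `type: security` entry, keep them blank, otherwise fill in the merge request reference before merging.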