Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed
Credits
Thanks @vaib25vicky for reporting this vulnerability through our HackerOne bug bounty program
