A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens.CreditsThanks joaxcar for reporting this vulnerability through our HackerOne bug bounty programReferenceshttps://gitlab.com/gitlab-org/gitlab/-/issues/333175https://hackerone.com/reports/1199561https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39866.json
