CVE-2021-39889

In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt