Verify VSD point target_project_id (!132130) · Merge requests · GitLab.org / GitLab

Adam Hegyi requested to merge 420894-always-verify-project-id-for-vsd-setting into master Sep 19, 2023

What does this MR do and why?

This change ensures that the passed in and returned target_project_id for the value stream dashboard project pointer is part of the group hierarchy.

Note: the related issue was created as a security issue but after examining the problem, it turned out that the bug is not exploitable. See the related thread: #420894 (comment 1564947327)

How to set up and validate locally

See the steps to reproduce in the issue: #420894 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #420894 (closed)

Verify VSD point target_project_id

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports