Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Avoid private project name disclosure
When an unprivileged user tries to access a private project via manage_proj_edit_page.php, they receive an Access Denied as expected, but the project's name is leaked via the navbar's project selector. Credits to d3vpoo1 (https://gitlab.com/jrckmcsb) for reporting and providing an initial patch for this bug. Fixes #27726, #27357, CVE-2020-29603
- Loading branch information