The host is installed with GitLab EE 16.4 before 16.6.7, 16.7 before 16.7.5, and 16.8 before 16.8.2 and is prone to an improper access control vulnerability. A flaw is present in the application, which fails to properly handle issues in unspecified vectors. Successful exploitation allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR.