Pushing commits via ssh in protected branches as developer possible
Created by: Petchimuthu
Security issue:
People who are not master in the project can also able to push the commits into the protected branch via ssh protocol.
Permission level in the project: Developer
Steps to reproduce
Use a user with "developer"-access to the project
mark a particular branch as protected.
clone the project using ssh and switch to the protected branch
commits and push the protected branch using sshExpected behavior
As developer you shouldn't be able to push your commits in to a protected branch if he is a developer in the project.
Observed behavior
commits pushed by a developer and its displayed in the project dashboard.
Relevant logs and/or screenshots
none
Possible fixes
none
Additional Information
But its not possible via http