Gitolite before 3.6.9 does not properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access. See: https://nvd.nist.gov/vuln/detail/CVE-2018-16976