An issue created to address a SAST vulnerability points to the wrong branch

Summary

An issue created to address a SAST vulnerability points to the wrong branch

Steps to reproduce

  1. Opened the following merge request: jfeeney/joel-springsample!13
  2. Expanded the SAST section and clicked on "Medium (High): Overly permissive CORS policy"
  3. Clicked on the Create Issue button, which resulted in the creation of the following issue: https://gitlab.com/jfeeney/joel-springsample/issues/12

Expected: "Location" link in the issue points to line 17 of HelloController.java in merge request branch "add-webgoat-classes". This line contains the problematic code: response.setHeader("Access-Control-Allow-Origin", "*");
https://gitlab.com/jfeeney/joel-springsample/blob/add-webgoat-classes/src/main/java/hello/HelloController.java

Actual: "Location" link points to line 17 of HelloController.java in master branch.

Example Project

Project: https://gitlab.com/jfeeney/joel-springsample
Merge Request: jfeeney/joel-springsample!13
Issue: https://gitlab.com/jfeeney/joel-springsample/issues/12

What is the current bug behavior?

"Location" link points to line 17 of HelloController.java in master branch.

What is the expected correct behavior?

"Location" link in the issue points to line 17 of HelloController.java in merge request branch "add-webgoat-classes". This line contains the problematic code: response.setHeader("Access-Control-Allow-Origin", "*");
https://gitlab.com/jfeeney/joel-springsample/blob/add-webgoat-classes/src/main/java/hello/HelloController.java

Relevant logs and/or screenshots

Output of checks

This bug happens on GitLab.com

Results of GitLab environment info

This bug happens on GitLab.com

Results of GitLab application Check

This bug happens on GitLab.com

Possible fixes

N/A
