GitLab · GitLab · CVE-2021-22224
**Name of the Vulnerable Software and Affected Versions**
GitLab versions 13.12 through 13.12.5
GitLab versions 14.0.0 through 14.0.1
**Description**
A cross-site request forgery (CSRF) issue in the GraphQL API allows an attacker to call mutations as the victim. The vulnerability is caused by the lack of an X-CSRF-Token header check on GET requests to the GraphQL endpoint. This enables a remote attacker to impact data integrity.
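As an added illustration (not GitLab's code) of the missing check described above, the following models the pre-fix policy beside a hardened one: the token is verified on every method, and a GET request is never allowed to run a mutation. The session store, the `_session` cookie name and the sample tokens are constructed assumptions.

```python
import hmac
import re

# Constructed session store (not GitLab's): session id -> CSRF token bound to it.
SESSIONS = {"sess-abc": "tok-123"}

# A top-level operation keyword; anchored so a field or string literal named
# "mutation" inside a query does not count.
MUTATION_RE = re.compile(r"(?:^|[\s}])mutation\b")


def is_mutation(document: str) -> bool:
    """True if the GraphQL document defines a mutation operation."""
    return MUTATION_RE.search(document) is not None


def _csrf_ok(headers: dict, cookies: dict) -> bool:
    """Constant-time comparison of X-CSRF-Token against the session's token."""
    expected = SESSIONS.get(cookies.get("_session"))
    supplied = headers.get("X-CSRF-Token", "")
    return expected is not None and hmac.compare_digest(expected, supplied)


def vulnerable_policy(method: str, headers: dict, cookies: dict, document: str) -> str:
    """Pre-fix behaviour from the advisory: GET requests skip the token check."""
    if "_session" not in cookies:
        return "allow"   # token-authenticated API call: no cookie, so no CSRF exposure
    if method == "GET":
        return "allow"   # the flaw: a mutation sent via GET executes with no CSRF token
    return "allow" if _csrf_ok(headers, cookies) else "deny: bad csrf token"


def hardened_policy(method: str, headers: dict, cookies: dict, document: str) -> str:
    """Fixed behaviour: token checked on every method, and GET never mutates."""
    if "_session" not in cookies:
        return "allow"
    if method == "GET" and is_mutation(document):
        return "deny: mutation over GET"   # GET must stay side-effect free
    return "allow" if _csrf_ok(headers, cookies) else "deny: bad csrf token"
```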
**Recommendations**
For GitLab versions 13.12 through 13.12.5, update to version 13.12.6 or later.
For GitLab versions 14.0.0 through 14.0.1, update to version 14.0.2 or later.
As a temporary workaround, consider restricting access to the GraphQL API until a patch is available.