PT-2021-6483 · Gitlab · Gitlab Ce/Ee+1
Greg Myers
·
Published
2021-07-06
·
Updated
2024-03-06
·
CVE-2021-22229
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 12.8 and later
Description
An issue has been discovered affecting GitLab CE/EE where, under a specific condition, data of an internal repository could be accessed through a project fork created by a project member. The root cause is insufficient access restriction on the forked project, which lets a remote attacker read confidential repository data that the internal visibility level was meant to protect.
Recommendations
Upgrade affected GitLab CE/EE instances (12.8 and later) to a release that contains the vendor fix. Until the upgrade is applied, reduce exposure: review existing forks of internal projects and confine their visibility and membership to what the parent project allows, restrict who may fork internal projects, and limit project-member permissions so that creating a fork cannot widen the set of users able to read internal repository data.
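As an added example (not part of this advisory and not code from GitLab or Positive Technologies), the script below audits the forks of internal projects on a GitLab instance and flags any fork whose visibility is broader than the project it was forked from, which is one concrete way to carry out the fork review recommended above. It assumes the GitLab REST API v4 endpoints `/projects` and `/projects/:id/forks`, the `X-Next-Page` pagination header, and the environment variables `GITLAB_URL` and `GITLAB_TOKEN`; the sample project data embedded in it is constructed for offline testing, not real instance output.

```python
"""Audit forks of internal GitLab projects and flag any fork that is more
visible than its parent.  Added example for this advisory; assumes the GitLab
REST API v4 endpoints /projects and /projects/:id/forks and the X-Next-Page
pagination header.  The sample data below is constructed, not real output."""
import json
import os
import sys
import urllib.request

# GitLab visibility levels ordered from most to least restrictive.
VISIBILITY_RANK = {"private": 0, "internal": 1, "public": 2}


def wider_than_parent(parent, fork):
    """True when the fork is visible to a larger audience than its parent project."""
    return VISIBILITY_RANK[fork["visibility"]] > VISIBILITY_RANK[parent["visibility"]]


def find_exposed_forks(parents, forks_by_parent):
    """Return (parent_path, fork_path, parent_visibility, fork_visibility) for every
    fork that is more visible than the project it was forked from."""
    findings = []
    for parent in parents:
        for fork in forks_by_parent.get(parent["id"], []):
            if wider_than_parent(parent, fork):
                findings.append((parent["path_with_namespace"], fork["path_with_namespace"],
                                 parent["visibility"], fork["visibility"]))
    return findings


# Constructed sample shaped like the fields the Projects API returns (not real data).
SAMPLE_PARENTS = [
    {"id": 101, "path_with_namespace": "infra/deploy-tools", "visibility": "internal"},
    {"id": 102, "path_with_namespace": "sec/scanner", "visibility": "internal"},
]
SAMPLE_FORKS = {
    101: [
        {"id": 201, "path_with_namespace": "alice/deploy-tools", "visibility": "private"},
        {"id": 202, "path_with_namespace": "contractors/deploy-tools", "visibility": "public"},
    ],
    102: [
        {"id": 203, "path_with_namespace": "bob/scanner", "visibility": "internal"},
    ],
}


def gitlab_get_all(base_url, token, path):
    """Collect every page of a list endpoint by following the X-Next-Page header."""
    results, page = [], "1"
    sep = "&" if "?" in path else "?"
    while page:  # GitLab sends an empty X-Next-Page on the last page
        req = urllib.request.Request(
            f"{base_url}/api/v4{path}{sep}per_page=100&page={page}",
            headers={"PRIVATE-TOKEN": token},
        )
        with urllib.request.urlopen(req) as resp:
            results.extend(json.load(resp))
            page = resp.headers.get("X-Next-Page", "")
    return results


def audit_live(base_url, token):
    """Fetch every internal project the token can see plus its forks, then audit them."""
    parents = gitlab_get_all(base_url, token, "/projects?visibility=internal")
    forks = {p["id"]: gitlab_get_all(base_url, token, f"/projects/{p['id']}/forks")
             for p in parents}
    return find_exposed_forks(parents, forks)


if __name__ == "__main__":
    # With GITLAB_URL and GITLAB_TOKEN set (assumed names) the live instance is audited;
    # otherwise the constructed sample is used so the script runs offline.
    url, token = os.environ.get("GITLAB_URL"), os.environ.get("GITLAB_TOKEN")
    if url and token:
        findings = audit_live(url, token)
    else:
        findings = find_exposed_forks(SAMPLE_PARENTS, SAMPLE_FORKS)
    for parent, fork, pvis, fvis in findings:
        print(f"{fork} ({fvis}) is wider than parent {parent} ({pvis})")
    sys.exit(1 if findings else 0)
```

Run it with an administrator token so that `/projects?visibility=internal` returns every internal project rather than only those the token's user is a member of; a non-zero exit status marks at least one fork that needs its visibility or membership reviewed.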
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Gitlab
Gitlab Ce/Ee