CVE-2021-22237

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions prior to 13.12.9 GitLab CE/EE versions prior to 14.0.7 GitLab CE/EE versions prior to 14.1.2

Description The issue is related to incorrect session management in GitLab, allowing a remote attacker to impact data integrity. Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled.

Recommendations For versions prior to 13.12.9, update to version 13.12.9 or later. For versions prior to 14.0.7, update to version 14.0.7 or later. For versions prior to 14.1.2, update to version 14.1.2 or later. As a temporary workaround, consider disabling the use of impersonation token until a patch is available. Restrict access to Git actions to minimize the risk of exploitation.