CVE-2021-22243

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 7.10 and later

Description The issue is related to incorrect authorization in GitLab, a platform for collaborative code development. Under specific conditions, it allows existing users to use an invite URL intended for another email address to gain access to a group, potentially leading to unauthorized access to confidential data.

Recommendations For GitLab CE/EE versions 7.10 and later, consider restricting access to invite URLs to prevent unauthorized group access until a patch is available. As a temporary workaround, monitor user activity and group membership changes closely to detect any potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.