PT-2021-6759 · Gitlab · Gitlab

Joaxcar · Published 2021-07-06 · Updated 2024-03-06 · CVE-2021-22228

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GitLab versions prior to 13.11.6
GitLab versions 13.12 through 13.12.5
GitLab versions 14.0 through 14.0.1

Description
An issue has been discovered in GitLab related to improper access control when using GraphQL, allowing unauthorized users to access project details. This issue can be exploited by a remote attacker to gain access to confidential data.

Recommendations
For versions prior to 13.11.6, update to version 13.11.6 or later.
For versions 13.12 through 13.12.5, update to version 13.12.6 or later.
For versions 14.0 through 14.0.1, update to version 14.0.2 or later.
As a temporary workaround, consider restricting access to GraphQL endpoints to minimize the risk of exploitation.


Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2022-02151
BIT-GITLAB-2021-22228
CVE-2021-22228

Affected Products

Gitlab