CVE-2022-1981

Name of the Vulnerable Software and Affected Versions GitLab EE versions 12.2 through 14.10.5 GitLab EE versions 15.0 through 15.0.4 GitLab EE versions 15.1 through 15.1.1

Description An issue has been discovered in GitLab EE where the domain allow-list can be bypassed. This occurs when a group enables the setting to restrict access to users belonging to specific domains, and a Maintainer uses the 'Invite a group' feature to invite a group with members that don't comply with the domain allow-list.

Recommendations For GitLab EE versions 12.2 through 14.10.5, update to version 14.10.5 or later. For GitLab EE versions 15.0 through 15.0.4, update to version 15.0.4 or later. For GitLab EE versions 15.1 through 15.1.1, update to version 15.1.1 or later. As a temporary workaround, consider restricting the use of the 'Invite a group' feature until the issue is resolved.