PT-2022-16742 · Gitlab · Gitlab Ce/Ee+1

Justas_Bon · Published 2022-08-05 · Updated 2024-03-06 · CVE-2022-2459

CVSS v3.1: 2.7 (Low)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

GitLab EE versions prior to 15.0.5
GitLab EE versions 15.1 through 15.1.4
GitLab EE versions 15.2 through 15.2.1

Description

An issue has been discovered in GitLab EE where email invited members may be able to join a project even after the Group Owner has enabled the setting to prevent members from being added to projects in a group, if the invite was sent before the setting was enabled.

Recommendations

For versions prior to 15.0.5, update to version 15.0.5 or later.
For versions 15.1 through 15.1.4, update to version 15.1.4 or later.
For versions 15.2 through 15.2.1, update to version 15.2.1 or later.

Weakness Enumeration

Missing Authorization

Related Identifiers

BIT-GITLAB-2022-2459
CVE-2022-2459

Affected Products

Gitlab
Gitlab Ce/Ee