PT-2022-3037 · Gitlab · Gitlab Ce/Ee+1

Published: 2022-05-18 · Updated: 2024-03-06 · CVE-2022-1783

CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions

GitLab CE/EE versions 14.3 through 14.9.4
GitLab CE/EE versions 14.10 through 14.10.3
GitLab CE/EE versions 15.0 through 15.0.0

Description

An issue has been discovered in GitLab CE/EE, related to inadequate access control. It may be possible for malicious group maintainers to add new members to a project within their group through the REST API, even after their group owner enabled a setting to prevent members from being added to projects within that group.

Recommendations

For versions 14.3 through 14.9.4, update to version 14.9.5 or later.
For versions 14.10 through 14.10.3, update to version 14.10.4 or later.
For versions 15.0 through 15.0.0, update to version 15.0.1 or later.
As a temporary workaround, consider restricting access to the REST API to minimize the risk of exploitation.


Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2022-03706
BIT-GITLAB-2022-1783
CVE-2022-1783

Affected Products

Gitlab
Gitlab Ce/Ee