CVE-2022-4331

Name of the Vulnerable Software and Affected Versions GitLab EE versions 15.1 through 15.7.7 GitLab EE versions 15.8 through 15.8.3 GitLab EE versions 15.9 through 15.9.1

Description An issue has been discovered in GitLab EE. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible that a previously removed malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM token to perform actions on the group.

Recommendations For GitLab EE versions 15.1 through 15.7.7, update to version 15.7.8 or later. For GitLab EE versions 15.8 through 15.8.3, update to version 15.8.4 or later. For GitLab EE versions 15.9 through 15.9.1, update to version 15.9.2 or later.