CVE-2023-2589

Name of the Vulnerable Software and Affected Versions GitLab EE versions 12.0 through 15.10.8 GitLab EE versions 15.11 through 15.11.7 GitLab EE versions 16.0 through 16.0.2

Description An issue has been discovered in GitLab EE that allows an attacker to clone a repository from a public project, from a disallowed IP, even after the top-level group has enabled IP restrictions on the group.

Recommendations For versions 12.0 through 15.10.8, update to a version after 15.10.8 to resolve the issue. For versions 15.11 through 15.11.7, update to a version after 15.11.7 to resolve the issue. For versions 16.0 through 16.0.2, update to a version after 16.0.2 to resolve the issue. As a temporary workaround, consider restricting access to the repository cloning functionality until a patch is available.