Name of the Vulnerable Software and Affected Versions:

GitLab EE versions 12.0 through 16.7.6

GitLab EE versions 16.8 through 16.8.2

GitLab EE versions 16.9 through 16.9.0

Description:

The issue discovered in GitLab EE is related to insufficient access control, allowing for the bypassing of 'group ip restriction' settings. This enables unauthorized access to environment details of projects. The vulnerability can be exploited remotely to disclose protected information.

Recommendations:

For GitLab EE versions 12.0 through 16.7.6, update to version 16.7.7 or later.

For GitLab EE versions 16.8 through 16.8.2, update to version 16.8.3 or later.

For GitLab EE versions 16.9 through 16.9.0, update to version 16.9.1 or later.

As a temporary workaround, consider restricting access to environment details of projects until a patch is available.