Vulnerabilities > CVE-2022-1981 - Incorrect Authorization vulnerability in Gitlab

047910
CVSS 2.7 - LOW
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
gitlab
CWE-863

Summary

An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if a Maintainer uses the 'Invite a group' feature to invite a group that has members that don't comply with domain allow-list.

Vulnerable Configurations

Part Description Count
Application
Gitlab
285

Common Weakness Enumeration (CWE)