First published: Thu Apr 25 2024(Updated: )
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker through a crafted email address may be able to bypass domain based restrictions on an instance or a group.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | <16.9.6 | |
GitLab GitLab | <16.9.6 | |
GitLab GitLab | >=16.10.0<16.10.4 | |
GitLab GitLab | >=16.10.0<16.10.4 | |
GitLab GitLab | =16.11.0 | |
GitLab GitLab | =16.11.0 |
Upgrade to versions 16.9.6, 16.10.4, 16.11.1 or above.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.