Vulnerability Description
An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if a Maintainer uses the 'Invite a group' feature to invite a group that has members who don't comply with the domain allow-list.
CVSS Score
2.7 (LOW)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| GitLab | GitLab | >= 12.2.0, < 14.10.5 |
| GitLab | GitLab | >= 15.0.0, < 15.0.4 |
| GitLab | GitLab | >= 15.1.0, < 15.1.1 |
Related Weaknesses (CWE)
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1981.json (Vendor Advisory)
- https://gitlab.com/gitlab-org/gitlab/-/issues/354791 (Broken Link)
- https://hackerone.com/reports/1501733 (Permissions Required, Third Party Advisory)
FAQ
What is CVE-2022-1981?
CVE-2022-1981 is a vulnerability with a CVSS score of 2.7 (LOW). An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restr...
How severe is CVE-2022-1981?
CVE-2022-1981 has been rated LOW with a CVSS base score of 2.7/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2022-1981?
Check the references section above for vendor advisories and patch information. Affected products include: GitLab (vendor: GitLab).