Improper Access Control Allows Unauthorized User Creation in GitLab EE Versions 13.11.6, 13.12.6, and 14.0.2

Improper Access Control Allows Unauthorized User Creation in GitLab EE Versions 13.11.6, 13.12.6, and 14.0.2

CVE-2021-22240 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled

Learn more about our User Device Pen Test.