gitlab13.2.2 has CVE-2021-22214 vulnerability, then I upgraded the latest version and still have the vulnerability. Then I installed a new one and tested the new environment without the vulnerability, but after migrating the original data backup over and testing again, the vulnerability is there again, I wonder why?
I re-tested and found that,
The CVE-2021-22214 vulnerability occurs when “Require admin approval for new sign-ups” is not checked in the settings.
1 Like