In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration.
{ "cpes": [ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "cpe:2.3:a:gitlab:gitlab:4.3.0:*:*:*:community:*:*:*", "cpe:2.3:a:gitlab:gitlab:4.3.0:*:*:*:enterprise:*:*:*", "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" ], "severity": "Medium" }