The host is installed with GitLab CE/EE 11.9 before 15.9.6, 15.10 before 15.10.5, 15.11 before 15.11.1 and is prone to an improper access control vulnerability. A flaw is present in the application, which fails to properly handle certain conditions. Successful exploitation allows for a privileged attacker, to obtain session tokens from all users of a GitLab instance.