The host is installed with GitLab EE 13.12 before 16.2.8, 16.3 before 16.3.5 or 16.4.0 before 16.4.1 and is prone to an improper access control vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow an attacker to impersonate users in CI pipelines through direct transfer group imports.