The host is installed with GitLab EE 12.2 before 14.10.5, 15.0 before 15.0.4 or 15.1 before 15.1.1 and is prone to an incorrect authorization vulnerability. A flaw is present in the application, which fails to properly handle issues in unspecified vectors. On successful exploitation, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if a Maintainer uses the 'Invite a group' feature to invite a group that has members that don't comply with domain allow-list.