The host is installed with GitLab CE/EE 16.3 before 16.3.7, 16.1 before 16.1.6, 16.2 before 16.2.9, 16.4 before 16.4.5, 16.5 before 16.5.6, 16.6 before 16.6.4 or 16.7 before 16.7.2 and is prone to an improper access control vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow attackers to deliver user account password reset emails to an unverified email address.