
GitLab open user registration

Description

The GitLab instance has open user registration enabled, allowing anyone with network access to create an authenticated account without administrator approval. This configuration permits unrestricted account creation, which may grant unauthorized users access to internal repositories, projects, and organizational information that should be restricted to verified team members.

Remediation

Disable open user registration to prevent unauthorized account creation. Navigate to Admin Area > Settings > General > Sign-up restrictions and either disable sign-ups entirely or enable 'Require admin approval for new sign-ups'. For organizations that require external collaboration, implement domain-based restrictions to limit registration to approved email domains, or use SAML/OAuth integration with your identity provider to control access centrally. After implementing restrictions, review existing user accounts to identify and remove any unauthorized registrations that may have occurred while open registration was enabled.
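The checks above can be scripted against data exported from the instance. The following is an added example, not part of the original entry or of GitLab's code: it assumes the settings dictionary comes from the admin-only `GET /api/v4/application/settings` endpoint and the user list from `GET /api/v4/users`, and the sample values and the approved-domain list are constructed for illustration.

```python
from fnmatch import fnmatchcase

def audit_signup_settings(settings):
    """Return findings for the sign-up restrictions named in the remediation."""
    findings = []
    if not settings.get("signup_enabled"):
        return findings  # sign-ups disabled entirely: nothing to report
    if not settings.get("require_admin_approval_after_user_signup"):
        findings.append("sign-up enabled without admin approval")
    if not settings.get("domain_allowlist"):
        findings.append("sign-up enabled without an email domain allowlist")
    return findings

def accounts_to_review(users, approved_domains):
    """Return usernames whose email domain matches no approved pattern,
    oldest account first, for manual review."""
    patterns = [p.lower() for p in approved_domains]
    flagged = []
    for user in users:
        domain = user.get("email", "").rpartition("@")[2].lower()
        if not any(fnmatchcase(domain, p) for p in patterns):
            flagged.append((user["created_at"], user["username"]))
    return [name for _, name in sorted(flagged)]

# Constructed sample data (not taken from a real instance).
OPEN_SETTINGS = {
    "signup_enabled": True,
    "require_admin_approval_after_user_signup": False,
    "domain_allowlist": [],
}
RESTRICTED_SETTINGS = {
    "signup_enabled": True,
    "require_admin_approval_after_user_signup": True,
    "domain_allowlist": ["example.com"],
}
SAMPLE_USERS = [
    {"username": "alice", "email": "alice@example.com",
     "state": "active", "created_at": "2023-01-10T09:00:00Z"},
    {"username": "build-bot", "email": "ci@eng.example.com",
     "state": "active", "created_at": "2023-02-01T12:30:00Z"},
    {"username": "xk29", "email": "xk29@mailbox.test",
     "state": "active", "created_at": "2024-05-03T22:14:00Z"},
    {"username": "guest7", "email": "guest7@other.test",
     "state": "active", "created_at": "2024-04-19T03:41:00Z"},
]
APPROVED_DOMAINS = ["example.com", "*.example.com"]  # hypothetical policy

if __name__ == "__main__":
    print(audit_signup_settings(OPEN_SETTINGS))
    print(accounts_to_review(SAMPLE_USERS, APPROVED_DOMAINS))
```

Flagged accounts are candidates for review, not proof of unauthorized registration; confirm each with the project or group owner before blocking or removing it.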
