Back to overview

CVE-2026-13151

LOW
2.7
CVSS 3.1
Description
GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper authorization controls.

Metadata

CVE ID
CVE-2026-13151
State
PUBLISHED
Assigner
GitLab
Reserved
2026-06-24 10:43 UTC
Published
2026-07-08 20:46 UTC
Last updated
2026-07-08 20:46 UTC
Primary CWE
CWE-863
CWE-863: Incorrect Authorization
Vendor / Product
GitLab / GitLab
Sources
cve.org  ·  NVD

Severity & Metrics

2.7 LOW CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Affected products (1)
VendorProductPlatformVersions
GitLab GitLab 16.10 < 18.11.7, 19.0 < 19.0.4, 19.1 < 19.1.2
Weakness (CWE)
CWESourceDescription
CWE-863 cna CWE-863: Incorrect Authorization
CVSS scores (1)
ScoreSeverityVersionSourceVector
2.7 LOW 3.1 cna CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Back to overview