Back to overview

CVE-2026-6352

LOW
2.7
CVSS 3.1
Description
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper authorization on certain GraphQL operations.

Metadata

CVE ID
CVE-2026-6352
State
PUBLISHED
Assigner
GitLab
Reserved
2026-04-15 13:03 UTC
Published
2026-07-08 20:46 UTC
Last updated
2026-07-08 20:46 UTC
Primary CWE
CWE-863
CWE-863: Incorrect Authorization
Vendor / Product
GitLab / GitLab
Sources
cve.org  ·  NVD

Severity & Metrics

2.7 LOW CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Affected products (1)
VendorProductPlatformVersions
GitLab GitLab 18.2 < 18.11.7, 19.0 < 19.0.4, 19.1 < 19.1.2
Weakness (CWE)
CWESourceDescription
CWE-863 cna CWE-863: Incorrect Authorization
CVSS scores (1)
ScoreSeverityVersionSourceVector
2.7 LOW 3.1 cna CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Back to overview