← volver
CVE-2026-11379

Incorrect Authorization in GitLab

CVSS 5.3 MEDIUMEPSS 0.2%CWE-863
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
25 jun 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in which incorrect authorization in DAST site profile management could allow a user with Developer role to exfiltrate DAST site profile secrets under certain conditions.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Productos afectados
GitLab · GitLab

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-1-released/https://gitlab.com/gitlab-org/gitlab/-/work_items/517659