Improper Authorization in GitLab EE Affects User Permissions
CVE-2026-13151
2.7LOW
What is CVE-2026-13151?
GitLab has addressed a significant authorization issue in GitLab EE that allows authenticated users to alter group-level settings beyond their designated permissions. This vulnerability affects multiple versions, opening the door for unauthorized alterations that could compromise group configurations. Implementing the latest updates is crucial to mitigate potential risks associated with this flaw.
Affected Version(s)
GitLab 16.10 < 18.11.7
GitLab 19.0 < 19.0.4
GitLab 19.1 < 19.1.2
References
CVSS V3.1
Score:
2.7
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This vulnerability has been discovered internally by GitLab team member zli