Description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to access confidential issue details due to incorrect authorization checks.
Published: 2026-06-11
Score: 3.1 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

GitLab Community Edition and Enterprise Edition suffered a flaw where incorrect authorization checks could allow an authenticated user to view confidential details on issues. The vulnerability could expose sensitive project data to users who should not have access, thereby breaching confidentiality of internal information.

Affected Systems

All GitLab versions from 12.0 up to but not including 18.10.8, from 18.11 up to but not including 18.11.5, and from 19.0 up to but not including 19.0.2 are affected. The recommendation is to upgrade to GitLab 18.10.8, 18.11.5, 19.0.2 or later.

Risk and Exploitability

The CVSS score of 3.1 indicates a low severity rating. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. The most likely attack path is an authenticated user triggering the flawed permission checks; no elevated privileges are required.

Generated by OpenCVE AI on June 11, 2026 at 12:22 UTC.

Remediation

Vendor Solution

Upgrade to versions 18.10.8, 18.11.5, 19.0.2 or above.

OpenCVE Recommended Actions

  • Apply the vendor patch by upgrading to GitLab 18.10.8, 18.11.5, 19.0.2 or a later release.
  • If an immediate upgrade is not possible, enforce stricter role-based access controls to prevent unauthorized viewing of issue details.
  • Monitor audit logs for anomalous access to confidential issue data and investigate any suspicious activity.

Generated by OpenCVE AI on June 11, 2026 at 12:22 UTC.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 13:30:00 +0000

Type: Metrics
Values removed: none
Values added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 11 Jun 2026 11:30:00 +0000

Values removed: none
Values added:
  Description: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to access confidential issue details due to incorrect authorization checks.
  Title: Incorrect Authorization in GitLab
  First Time appeared: Gitlab, Gitlab gitlab
  Weaknesses: CWE-863
  CPEs: cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
  Vendors & Products: Gitlab, Gitlab gitlab
  References: none listed
  Metrics: cvssV3_1 {'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N'}

MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-06-11T12:28:57.450Z

Reserved: 2026-03-04T19:03:38.508Z

Link: CVE-2026-3553

Vulnrichment

Updated: 2026-06-11T12:28:52.504Z

NVD

Status: Received

Published: 2026-06-11T12:16:31.380

Modified: 2026-06-11T12:16:31.380

Link: CVE-2026-3553

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-11T12:30:14Z

Weaknesses