{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-11379","assignerOrgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","state":"PUBLISHED","assignerShortName":"GitLab","dateReserved":"2026-06-05T12:50:38.119Z","datePublished":"2026-06-25T04:33:49.041Z","dateUpdated":"2026-06-25T13:11:32.968Z"},"containers":{"cna":{"title":"Incorrect Authorization in GitLab","descriptions":[{"lang":"en","value":"GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in which incorrect authorization in DAST site profile management could allow a user with Developer role to exfiltrate DAST site profile secrets under certain conditions."}],"affected":[{"vendor":"GitLab","product":"GitLab","repo":"git://git@gitlab.com:gitlab-org/gitlab.git","cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"versions":[{"version":"13.11","status":"affected","lessThan":"18.11.6","versionType":"semver"},{"version":"19.0","status":"affected","lessThan":"19.0.3","versionType":"semver"},{"version":"19.1","status":"affected","lessThan":"19.1.1","versionType":"semver"}],"defaultStatus":"unaffected"}],"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-863: Incorrect Authorization","cweId":"CWE-863","type":"CWE"}]}],"references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/work_items/517659"},{"url":"https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-1-released/"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"}}],"solutions":[{"lang":"en","value":"Upgrade to versions 18.11.6, 19.0.3, 19.1.1 or above."}],"credits":[{"lang":"en","value":"This vulnerability has been discovered internally by GitLab team member David Nelson","type":"finder"}],"providerMetadata":{"orgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","shortName":"GitLab","dateUpdated":"2026-06-25T04:33:49.041Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-06-25T13:10:02.747596Z","id":"CVE-2026-11379","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-06-25T13:11:32.968Z"}}]}}