GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to improper authorization controls.
Metrics
Affected Vendors & Products
References
History
Thu, 09 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 09 Jul 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-266 | |
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Wed, 08 Jul 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to improper authorization controls. | |
| Title | Insufficiently Protected Credentials in GitLab | |
| First Time appeared |
Gitlab
Gitlab gitlab |
|
| Weaknesses | CWE-522 | |
| CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Gitlab
Gitlab gitlab |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitLab
Published:
Updated: 2026-07-09T14:15:01.193Z
Reserved: 2026-06-09T20:03:57.026Z
Link: CVE-2026-11827
Updated: 2026-07-09T14:14:57.988Z
No data.
OpenCVE Enrichment
Updated: 2026-07-09T09:15:05Z