GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls on cross-project reference pages.
Metrics
Affected Vendors & Products
References
History
Thu, 09 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls on cross-project reference pages. | |
| Title | Missing Authorization in GitLab | |
| First Time appeared |
Gitlab
Gitlab gitlab |
|
| Weaknesses | CWE-862 | |
| CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Gitlab
Gitlab gitlab |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitLab
Published:
Updated: 2026-07-09T14:14:15.159Z
Reserved: 2026-04-30T09:04:45.873Z
Link: CVE-2026-7492
Updated: 2026-07-09T14:14:11.483Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-09T04:15:12Z