7.1
CVE-2025-13772
- EPSS 0.39%
- Veröffentlicht 09.01.2026 10:15:45
- Zuletzt bearbeitet 30.06.2026 03:16:42
- Quelle cve@gitlab.com
- CVE-Watchlists
- Unerledigt
Missing Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.304 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| cve@gitlab.com | 7.1 | 2.8 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.1 | 2.8 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/581268
https://access.redhat.com/security/cve/CVE-2025-13772
https://bugzilla.redhat.com/show_bug.cgi?id=2428224
https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-13772.json