8.1
CVE-2026-1322
- EPSS 0.31%
- Veröffentlicht 14.05.2026 05:36:47
- Zuletzt bearbeitet 16.05.2026 03:37:08
- Quelle cve@gitlab.com
- CVE-Watchlists
- Unerledigt
Business Logic Errors in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a read_api scoped OAuth application to create issues and add comments to issues in private projects due to improper authorization.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.226 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
| cve@gitlab.com | 6.8 | 1.6 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
|
https://about.gitlab.com/releases/2026/05/13/patch-release-gitlab-18-11-3-released/
https://hackerone.com/reports/3508895
https://gitlab.com/gitlab-org/gitlab/-/work_items/587270