All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-11379
MEDIUMpublished 2026-06-25 05:16 UTC · 3 days ago · modified 2026-06-26 18:34 UTC
5.3
CVSS / 10
// description
GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in which incorrect authorization in DAST site profile management could allow a user with Developer role to exfiltrate DAST site profile secrets under certain conditions.
// cvss 3.1 vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
// weaknesses (CWE)
- CWE-863