CVE-2026-11379

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in which incorrect authorization in DAST site profile management could allow a user with Developer role to exfiltrate DAST site profile secrets under certain conditions.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

gitlab / gitlab

References

MISChttps://gitlab.com/gitlab-org/gitlab/-/work_items/517659
MISChttps://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-1-released/