CVE-2025-11340

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-11340
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11340.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-11340
Aliases
Downstream
Published
2025-10-09T12:04:20.127Z
Modified
2026-04-10T05:20:38.750859Z
Severity
  • 7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N CVSS Calculator
Summary
Incorrect Authorization in GitLab
Details

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records by exploiting incorrectly scoped GraphQL mutations.

Database specific 
{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/11xxx/CVE-2025-11340.json",
    "cwe_ids": [
        "CWE-863"
    ]
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
94282cd9b41643ecd8a82da6cf46834cd9609afe
Fixed
5f66dfbe719f204a376af73ef283481886cf08d2
Database specific 
{
    "versions": [
        {
            "introduced": "18.3"
        },
        {
            "fixed": "18.3.4"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
9255f56b45844196bb7657a9f1fde6aa65a5d08d
Fixed
527e88bdddb02340974a968de1ddcfa4ed7735e5
Database specific 
{
    "versions": [
        {
            "introduced": "18.4"
        },
        {
            "fixed": "18.4.2"
        }
    ]
}

Affected versions

v18.*
v18.3.0-ee
v18.4.0-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11340.json"