PT-2026-1715 · GitLab · GitLab CE/EE
Published 2026-01-07 · Updated 2026-01-09 · CVE-2025-13781
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions
GitLab EE versions 18.5 through 18.5.4
GitLab EE versions 18.6 through 18.6.2
GitLab EE versions 18.7 through 18.7.0
Description
In GitLab EE, the GraphQL mutations that change instance-wide AI feature provider settings were missing authorization checks, so an authenticated user could modify those settings. GraphQL mutations are the operations used to modify data in the GitLab system.
Recommendations
GitLab EE version 18.5.5 or later
GitLab EE version 18.6.3 or later
GitLab EE version 18.7.1 or later
Exploit
Fix
Missing Authorization
Affected Products
GitLab CE/EE