Unrated severity · OSV Advisory · Published Jan 9, 2026 · Updated Jan 9, 2026

Missing Authorization in GitLab

CVE-2025-13772

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests.

Affected products

3
  • GitLab Inc./GitLab (OSV, 2 versions)
    v18.6.0-ee, v18.7.0-ee
    • (no CPE) range: v18.6.0-ee, v18.7.0-ee
    • (no CPE)range: 18.4 before 18.5.5, 18.6 before 18.6.3, 18.7 before 18.7.1
  • osv-coords
    Range: >= 18.4.0, < 18.5.5
