<Vulnerability name="CVE-2026-7492">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Moderate</ThreatSeverity>
    <PublicDate>2026-07-08T20:46:33</PublicDate>
    <Bugzilla id="2498285" url="https://bugzilla.redhat.com/show_bug.cgi?id=2498285" xml:lang="en:us">
gitlab-ee: gitlab: GitLab: Information disclosure of private project existence via improper authorization
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>5.3</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-862</CWE>
    <Details xml:lang="en:us" source="Mitre">
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls on cross-project reference pages.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in GitLab. Under certain conditions, an unauthenticated user could determine the existence of a private project. This information disclosure is possible due to improper authorization controls on cross-project reference pages. This vulnerability allows an attacker to gain sensitive information about private projects.
    </Details>
    <Statement xml:lang="en:us">
Red Hat does not ship or distribute GitLab Community Edition (CE) or Enterprise Edition (EE), the products affected by this flaw. This CVE was matched to Red Hat container images (OpenShift Console, OpenShift Pipelines Console Plugin) solely because they bundle an unrelated third-party npm client library named "gitlab" (node-gitlab, github.com/jdalrymple/node-gitlab), a REST API wrapper for calling a remote GitLab server. This client library does not contain the GitLab server-side authorization logic affected by this vulnerability, and Red Hat products are not affected.
    </Statement>
    <Mitigation xml:lang="en:us">
Not applicable; Red Hat products are not affected by this vulnerability.
    </Mitigation>
    <PackageState cpe="cpe:/a:redhat:openshift_pipelines:1">
        <ProductName>OpenShift Pipelines</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>openshift-pipelines/pipelines-console-plugin-pf5-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:openshift_pipelines:1">
        <ProductName>OpenShift Pipelines</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>openshift-pipelines/pipelines-console-plugin-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:openshift:4">
        <ProductName>Red Hat OpenShift Container Platform 4</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>openshift4/ose-console</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:openshift:4">
        <ProductName>Red Hat OpenShift Container Platform 4</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>openshift4/ose-console-rhel9</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-7492
https://nvd.nist.gov/vuln/detail/CVE-2026-7492
https://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-2-released/
https://gitlab.com/gitlab-org/gitlab/-/work_items/597947
https://hackerone.com/reports/3704739
    </References>
</Vulnerability>