CVE-2026-2370

HIGH

Published:Mar 30, 2026(Today)

Modified:Mar 30, 2026

AI Explanation

A vulnerability in GitLab CE/EE allows an authenticated user with minimal workspace permissions to obtain installation credentials and impersonate the GitLab app due to improper authorization checks. This affects Jira Connect installations in versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1. An attacker could exploit this to gain unauthorized access and control.

Developers and organizations using GitLab CE/EE with Jira Connect installations are at high risk of unauthorized access and control due to this vulnerability, with a CVSS score of 8.1 indicating a high severity issue.

Network AccessLow ComplexityLow PrivilegesNo User Interaction

How to Fix

1Update GitLab CE/EE to version 18.8.7 or later for versions 14.3 to 18.8, 2. Update to version 18.9.3 or later for version 18.9, 3. Update to version 18.10.1 or later for version 18.10, 4. Verify that Jira Connect installations are properly configured and secured after updating

References

https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-1...
https://gitlab.com/gitlab-org/gitlab/-/work_items/589635
https://hackerone.com/reports/3522829

CVSS Score

v3.1

8.1/ 10.0

HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

At a Glance

Affected Products

References

CVSS v3 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVE-2026-2370

✦ AI Explanation

How to Fix

References

CVSS Score

At a Glance

CVSS v3 Vector

Impact Analysis

AI Explanation