Improper Handling of Parameters in GitLab_CVE-2026-2370

8.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation credentials and impersonate the GitLab app due to improper authorization checks.

Basic Information

ID CVE-2026-2370

Source GitLab

Published Mar 29, 2026 at 23:33

Modified Mar 30, 2026 at 15:02

Affected Product

Vendor GitLab

Product GitLab

Version 14.3

Affected Versions GitLab GitLab 14.3
GitLab GitLab 18.9
GitLab GitLab 18.10

CWE Classification

CWE-233

References

{
    "lastseen": "",
    "description": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation credentials and impersonate the GitLab app due to improper authorization checks.",
    "published": "2026-03-29T23:33:44.410Z",
    "modified": "2026-03-30T15:02:06.576Z",
    "type": "cve",
    "title": "Improper Handling of Parameters in GitLab",
    "source": "GitLab",
    "references": "https://hackerone.com/reports/3522829\nhttps://gitlab.com/gitlab-org/gitlab/-/work_items/589635\nhttps://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/",
    "id": "CVE-2026-2370",
    "bulletinFamily": "",
    "cwe": [
        "CWE-233"
    ],
    "cvelist": null,
    "sourceData": "GitLab GitLab 14.3\nGitLab GitLab 18.9\nGitLab GitLab 18.10",
    "sourceHref": "",
    "cvss": {
        "score": 8.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GitLab",
    "version": "14.3",
    "vendor": "GitLab",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}