CVE-2026-2370 - Vulnerability Analysis
HighCVSS: 8.1Last Updated: March 30, 2026
GitLab CE/EE - Broken Access Control
Published: March 30, 2026Updated: March 30, 2026Remote Exploitable
Overview
GitLab CE/EE >= 14.3 and < 18.8.7, 18.9 < 18.9.3, and 18.10 < 18.10.1 contains a broken access control caused by improper authorization checks in Jira Connect installations, letting authenticated users with minimal workspace permissions obtain installation credentials and impersonate the GitLab app.
Severity & Score
Severity: High
CVSS Score: 8.1
Impact
Authenticated users with minimal permissions can obtain credentials and impersonate the GitLab app, risking unauthorized actions and data access.
Mitigation
Update to GitLab CE/EE 18.8.7, 18.9.3, 18.10.1 or later.
References
Related Resources
Details
- CVE ID
- CVE-2026-2370
- Severity
- High
- CVSS Score
- 8.1
- Type
- broken_access_control
- Status
- new
CWE
- CWE-233
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N