Primary

Context

GitLab CE/EE Improper Authorization Vulnerability in Jira Connect Installations

Vulnerability

Patched

A vulnerability has been addressed in GitLab Community Edition (CE) and Enterprise Edition (EE) versions 14.3 prior to 18.8.7, 18.9 prior to 18.9.3, and 18.10 prior to 18.10.1. This vulnerability, which affects Jira Connect installations, could have allowed an authenticated user with limited workspace permissions to access installation credentials and impersonate the GitLab app. The issue arose from inadequate authorization checks.

Impact

Exploitation of this vulnerability could have led to unauthorized access to installation credentials, allowing an authenticated user to impersonate the GitLab app.

Remediation

Users are advised to upgrade to GitLab versions 18.10.1, 18.9.3, or 18.8.7. Instructions for updating GitLab can be found on the GitLab Update page. Note that the SLES 12.5 package is not available for GitLab 18.10.1.

Added: Mar 30, 2026, 12:18 AM

Updated: Mar 30, 2026, 12:18 AM

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

5.0

exploitability

6.2

remediation

7.7

relevance

4.9

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

5.0

exploitability

6.2

remediation

7.7

relevance

4.9

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GitLab CE/EE Improper Authorization Vulnerability in Jira Connect Installations

Vulnerability

Impact

Remediation

Affected Products

GitLab

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating