GitLab Jira Connect Authentication Bypass Vulnerability (CVE-2026-2370)
GitLab CE/EE versions 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 are vulnerable to improper authorization checks in Jira Connect installations, allowing an authenticated user with minimal workspace permissions to obtain installation credentials and impersonate the GitLab application.
GitLab has addressed a critical vulnerability, CVE-2026-2370, affecting GitLab CE/EE installations with Jira Connect enabled. The vulnerability affects versions 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1. It stems from improper authorization checks in Jira Connect installations, which let an authenticated user holding only minimal workspace permissions in Jira obtain the GitLab installation credentials. With those credentials, the attacker can impersonate the GitLab application…
Detection coverage (2 rules)
Detect Suspicious Jira Connect Activity
Severity: medium. Detects potential exploitation attempts related to Jira Connect by monitoring for unusual requests to Jira Connect endpoints.
Detect Unauthorized Credential Access via Jira Connect
Severity: high. Detects potential unauthorized access to credentials related to the Jira Connect integration by monitoring authentication logs for unusual activity.
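The two rule summaries above describe a detection approach but not the logic itself. The following Python script is an added example written for this page, not one of the platform's rules and not GitLab code. It assumes GitLab-style JSON request logs (one JSON object per line with time, method, path, status, username and remote_ip fields, a shape chosen for the example) and assumes Jira Connect routes live under the prefix /-/jira_connect/ (confirm against your own instance before relying on it). The log lines are constructed for the example. It covers both rules: a burst of Jira Connect endpoint requests from one principal, and Jira Connect activity from a principal that is not one of the integration's expected identities.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed route prefix for GitLab's Jira Connect app endpoints (an assumption for
# this example; verify against your instance's routes before deploying a rule on it).
JIRA_CONNECT_PREFIX = "/-/jira_connect/"

# Constructed sample lines shaped like GitLab's JSON request logs. "integration-svc"
# is the identity expected to use the integration; "mallory" is a low-privileged
# user hammering the endpoints, with one 403 followed by successful responses.
SAMPLE_LOG = """\
{"time":"2026-03-01T10:00:00.000Z","method":"GET","path":"/api/v4/projects","status":200,"username":"alice","remote_ip":"10.0.0.5"}
{"time":"2026-03-01T10:02:00.000Z","method":"GET","path":"/-/jira_connect/subscriptions","status":200,"username":"integration-svc","remote_ip":"10.0.0.9"}
{"time":"2026-03-01T10:15:00.000Z","method":"GET","path":"/-/jira_connect/subscriptions","status":200,"username":"integration-svc","remote_ip":"10.0.0.9"}
{"time":"2026-03-01T10:20:00.000Z","method":"GET","path":"/-/jira_connect/subscriptions","status":200,"username":"mallory","remote_ip":"203.0.113.7"}
{"time":"2026-03-01T10:20:03.000Z","method":"GET","path":"/-/jira_connect/subscriptions","status":403,"username":"mallory","remote_ip":"203.0.113.7"}
{"time":"2026-03-01T10:20:07.000Z","method":"GET","path":"/-/jira_connect/subscriptions","status":200,"username":"mallory","remote_ip":"203.0.113.7"}
{"time":"2026-03-01T10:20:12.000Z","method":"POST","path":"/-/jira_connect/subscriptions","status":422,"username":"mallory","remote_ip":"203.0.113.7"}
{"time":"2026-03-01T10:20:20.000Z","method":"GET","path":"/-/jira_connect/subscriptions","status":200,"username":"mallory","remote_ip":"203.0.113.7"}
{"time":"2026-03-01T10:25:00.000Z","method":"GET","path":"/api/v4/user","status":200,"username":"alice","remote_ip":"10.0.0.5"}
"""


def parse_log(text):
    """Parse one JSON record per line; skip malformed lines instead of aborting."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        # ISO-8601 with a trailing Z; normalise so fromisoformat accepts it on older Pythons.
        rec["time"] = datetime.fromisoformat(rec["time"].replace("Z", "+00:00"))
        records.append(rec)
    return records


def jira_connect_requests(records):
    """Keep only requests whose path sits under the Jira Connect prefix."""
    return [r for r in records if str(r.get("path", "")).startswith(JIRA_CONNECT_PREFIX)]


def principal(rec):
    """Unauthenticated requests carry no username; give them a stable label."""
    return rec.get("username") or "<unauthenticated>"


def flag_bursts(requests, threshold=5, window=timedelta(seconds=60)):
    """Return {principal: peak count} for principals that reach `threshold`
    Jira Connect requests inside any span of length `window` (sliding window)."""
    by_user = defaultdict(list)
    for r in requests:
        by_user[principal(r)].append(r["time"])
    flagged = {}
    for user, times in by_user.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[user] = max(flagged.get(user, 0), count)
    return flagged


def flag_unexpected_principals(requests, expected):
    """Principals touching Jira Connect endpoints that are not on the expected list."""
    return sorted({principal(r) for r in requests} - set(expected))


def analyze(text, expected_principals=("integration-svc",)):
    """Run both checks over a log text and return the findings as a dict."""
    reqs = jira_connect_requests(parse_log(text))
    return {
        "jira_connect_requests": len(reqs),
        "bursts": flag_bursts(reqs),
        "unexpected_principals": flag_unexpected_principals(reqs, expected_principals),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The threshold and window are starting points, not tuned values: baseline the integration's normal request rate on your instance first, and populate the expected-principal list from the identities that legitimately drive the integration, so that the second check surfaces any other account reaching these endpoints rather than only bursts.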