{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-2370/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["gitlab","jira","authentication","authorization","cve-2026-2370"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eGitLab has addressed a critical vulnerability, CVE-2026-2370, affecting GitLab CE/EE installations with Jira Connect enabled. This vulnerability impacts versions 14.3 up to 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1. The vulnerability stems from improper authorization checks, which enable an authenticated user with minimal workspace permissions within Jira to potentially obtain GitLab installation credentials. This, in turn, allows the attacker to impersonate the GitLab application…\u003c/p\u003e\n","date_modified":"2026-03-30T00:16:01Z","date_published":"2026-03-30T00:16:01Z","id":"/briefs/2026-03-gitlab-jira-connect-auth-bypass/","summary":"GitLab CE/EE versions 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 are vulnerable to improper authorization checks in Jira Connect installations, allowing an authenticated user with minimal workspace permissions to obtain installation credentials and impersonate the GitLab application.","title":"GitLab Jira Connect Authentication Bypass Vulnerability (CVE-2026-2370)","url":"https://feed.craftedsignal.io/briefs/2026-03-gitlab-jira-connect-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2026-2370","version":"https://jsonfeed.org/version/1.1"}