<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>CVE-2026-2370 — CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/cve-2026-2370/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata — refreshed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Mon, 30 Mar 2026 00:16:01 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/cve-2026-2370/feed.xml" rel="self" type="application/rss+xml"/><item><title>GitLab Jira Connect Authentication Bypass Vulnerability (CVE-2026-2370)</title><link>https://feed.craftedsignal.io/briefs/2026-03-gitlab-jira-connect-auth-bypass/</link><pubDate>Mon, 30 Mar 2026 00:16:01 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-03-gitlab-jira-connect-auth-bypass/</guid><description>GitLab CE/EE versions 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 are vulnerable to improper authorization checks in Jira Connect installations, allowing an authenticated user with minimal workspace permissions to obtain installation credentials and impersonate the GitLab application.</description><content:encoded>&lt;p>GitLab has addressed a critical vulnerability, CVE-2026-2370, affecting GitLab CE/EE installations with Jira Connect enabled. It affects versions 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1. The vulnerability stems from improper authorization checks, which enable an authenticated user with minimal workspace permissions within Jira to potentially obtain GitLab installation credentials. This, in turn, allows the attacker to impersonate the GitLab application…&lt;/p>
</content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>gitlab</category><category>jira</category><category>authentication</category><category>authorization</category><category>cve-2026-2370</category></item></channel></rss>