CVE-2026-2370Improper Handling of Parameters in Gitlab

CWE-233Improper Handling of Parameters81 documents7 sources
Severity
8.8HIGHNVD
EPSS
0.0%
top 99.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
GitlabDebian GitlabGitlab CE
Timeline
PublishedMar 30

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation credentials and impersonate the GitLab app due to improper authorization checks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

CVEListV5gitlab/gitlab14.318.8.7+2
NVDgitlab/gitlab14.3.018.8.7+2
debiandebian/gitlab
gitlabgitlab/gitlab

Patches

Patch: about.gitlab.com

🔴Vulnerability Details

2
OSV
CVE-2026-2370: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 142026-03-30
GHSA
GHSA-g68w-w4h2-fr59: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 142026-03-30

📋Vendor Advisories

3
GitLab
CVE-2026-2370: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting2026-03-30
Red Hat
GitLab: GitLab: Improper authorization allows credential disclosure and GitLab app impersonation2026-03-29
Debian
CVE-2026-2370: gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 ...2026

🕵️Threat Intelligence

75
Wiz
CVE-2026-4363 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2025-3950 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2025-12555 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2025-14513 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2025-12029 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-2370 — Improper Handling of Parameters | cvebase