Severity by source
CVSS v3.1 vector (NVD, primary rating and the only source for this CVE):
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Description (CVE.org)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jira issues outside the configured project scope due to an integration filter functioning only as a display control rather than enforcing access boundaries as specified.
Analysis (AI-generated)
GitLab's Jira integration exposes out-of-scope Jira issues to authenticated GitLab users in both CE and EE, from 13.7 up to (but not including) the patched releases 18.9.7, 18.10.6 and 18.11.3. The cause is that the integration's project-scope filter operates only as a UI display control rather than an enforced access boundary: issues from Jira projects outside the configured scope are still fetched and returned by the integration, and only the rendering layer hides them. The Changed scope (S:C) in the CVSS vector reflects that the impact crosses into Atlassian Jira, a component outside GitLab's own trust domain, so confidential Jira issue data can leak beyond the intended project boundary. Note that the NVD vector scores PR:N although the description requires an authenticated GitLab user; the access prerequisite stated in the description is the safer basis for prioritisation. …
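The pattern described above, as an added illustration in Ruby that is not GitLab's code: a "display-only" scope filter still serialises out-of-scope issues to the caller, whereas an enforced boundary constrains the query sent to Jira and filters the result on the server. The `JiraClient` stub, the sample issues, the project keys and both function names are constructed for this example and are not from the advisory.

```ruby
# Added illustration (not GitLab's code): why a project-scope filter that only
# controls display is not an access boundary. The client stub, issue data and
# function names are hypothetical and constructed for this example.
require 'json'

# Constructed sample of what a Jira search might return across several projects.
SAMPLE_ISSUES = [
  { 'key' => 'APP-1',  'fields' => { 'project' => { 'key' => 'APP' }, 'summary' => 'Login page bug' } },
  { 'key' => 'APP-2',  'fields' => { 'project' => { 'key' => 'APP' }, 'summary' => 'Add SSO' } },
  { 'key' => 'HR-7',   'fields' => { 'project' => { 'key' => 'HR' },  'summary' => 'Salary review Q3' } },
  { 'key' => 'SEC-42', 'fields' => { 'project' => { 'key' => 'SEC' }, 'summary' => 'Unpatched auth bypass' } },
].freeze

# Hypothetical stand-in for a Jira REST client. It records the JQL it was asked
# to run so the example can show what actually constrains the search.
class JiraClient
  attr_reader :last_jql

  def initialize(issues)
    @issues = issues
  end

  def search(jql)
    @last_jql = jql
    # A real client sends the JQL to Jira; here we evaluate only the clause this
    # example needs, `project in (A, B)`. Any other query returns everything.
    if (m = jql.match(/\Aproject in \(([^)]*)\)\z/))
      keys = m[1].split(',').map(&:strip)
      @issues.select { |i| keys.include?(i['fields']['project']['key']) }
    else
      @issues
    end
  end
end

# VULNERABLE PATTERN: fetch everything, mark out-of-scope issues as hidden, and
# rely on the UI not to render them. The JSON payload still carries them, so
# anyone who reads the raw response sees HR-7 and SEC-42.
def issues_for_display_only(client, allowed_projects)
  client.search('ORDER BY created DESC').map do |issue|
    issue.merge('hidden' => !allowed_projects.include?(issue['fields']['project']['key']))
  end
end

# HARDENED PATTERN: enforce the scope on the server, both in the JQL sent to
# Jira and as a defence-in-depth filter on whatever comes back, so nothing
# outside the configured projects is ever serialised to the caller.
def issues_in_scope(client, allowed_projects)
  raise ArgumentError, 'no Jira projects configured' if allowed_projects.empty?

  # Whitelist project keys before interpolating them into JQL.
  keys = allowed_projects.map { |k| k.gsub(/[^A-Z0-9_]/i, '') }
  jql = "project in (#{keys.join(', ')})"
  client.search(jql).select { |i| allowed_projects.include?(i['fields']['project']['key']) }
end

if __FILE__ == $PROGRAM_NAME
  client = JiraClient.new(SAMPLE_ISSUES)
  puts JSON.pretty_generate(issues_for_display_only(client, ['APP'])) # HR-7 and SEC-42 present, merely "hidden"
  puts JSON.pretty_generate(issues_in_scope(client, ['APP']))         # only APP-1 and APP-2
end
```

The point to take from the two functions is where the decision is made: `issues_for_display_only` lets the data leave the server and trusts the view, while `issues_in_scope` never hands out-of-scope rows to the serialiser at all.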
Vulnerability Assessment (AI-generated)
| Area | Assessment |
|---|---|
| Exploitation | The GitLab Jira integration must be configured and active on the target GitLab project or instance; instances without a Jira integration enabled are not affected. … |
| Risk Assessment | Multiple risk signals converge on a low-to-moderate real-world priority. … |
| Exploit Scenario | An authenticated GitLab user on a self-managed instance, even one with minimal project-level permissions, opens a GitLab project that has the Jira integration enabled and queries Jira issues through the integration. Because the project-scope filter is applied only at display time, the integration still returns Jira issues from projects outside the configured scope, and the user can read them from the raw response rather than the rendered view, potentially exposing confidential Jira tickets, internal roadmap items, or sensitive issue metadata. … |
| Remediation | Upgrade to the patched release for your current track: GitLab 18.11.3, 18.10.6, or 18.9.7. Instances without the Jira integration configured are not exposed. … |
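A small version check for the Remediation row, added here as an example and not part of the advisory or of GitLab's tooling: it encodes the three affected ranges from the description (13.7 before 18.9.7, 18.10 before 18.10.6, 18.11 before 18.11.3) and reports whether an installed version is affected and which fixed release on the same track to move to. The helper names and the handling of a `-ce`/`-ee` suffix are this example's own assumptions.

```ruby
# Added helper (not GitLab's own tooling): decide whether a GitLab CE/EE version
# falls inside the affected ranges given in the advisory. The ranges are from
# the description on this page; the function names are this example's.
require 'rubygems' # Gem::Version ships with Ruby's standard library

# [lower bound (inclusive), fixed version (exclusive)] per affected track.
AFFECTED_RANGES = [
  ['13.7',  '18.9.7'],
  ['18.10', '18.10.6'],
  ['18.11', '18.11.3'],
].freeze

# Normalise "18.10.2-ee" style strings (suffix handling is an assumption).
def gitlab_version(version_string)
  Gem::Version.new(version_string.sub(/-(ce|ee)\z/, ''))
end

def affected_by_jira_scope_issue?(version_string)
  v = gitlab_version(version_string)
  AFFECTED_RANGES.any? do |lo, fixed|
    v >= Gem::Version.new(lo) && v < Gem::Version.new(fixed)
  end
end

# Fixed release on the installed version's track, or nil when not affected.
# Anything below 18.10 moves to 18.9.7, the earliest of the three patched lines.
def recommended_upgrade(version_string)
  return nil unless affected_by_jira_scope_issue?(version_string)

  v = gitlab_version(version_string)
  _, fixed = AFFECTED_RANGES.reverse.find { |lo, _| v >= Gem::Version.new(lo) }
  fixed
end

if __FILE__ == $PROGRAM_NAME
  %w[17.5.0-ee 18.9.7 18.10.2 18.11.0 18.12.0].each do |ver|
    puts "#{ver}: affected=#{affected_by_jira_scope_issue?(ver)} upgrade_to=#{recommended_upgrade(ver).inspect}"
  end
end
```

`Gem::Version` treats `18.10` and `18.10.0` as equal, which is what makes the inclusive lower bounds compare correctly; if your inventory records versions in another format, normalise them before calling the helper.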
Related identifiers
EUVD-2026-30226
GHSA-255c-fxwg-6753