CVE-2026-3160
Analyzed
Analyzed - Analysis Complete
BaseFortify
Vulnerability report for CVE-2026-3160, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-05-14
Last updated on: 2026-05-16
Assigner: GitLab Inc.
Description
Description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jira issues outside the configured project scope due to an integration filter functioning only as a display control rather than enforcing access boundaries as specified.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gitlab | gitlab | From 13.7.0 (inc) to 18.9.7 (exc) |
| gitlab | gitlab | From 18.10.0 (inc) to 18.10.6 (exc) |
| gitlab | gitlab | From 18.11.0 (inc) to 18.11.3 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-441 | The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor. |
