CVE-2026-3160

Published: Mag 14, 2026 Last Modified: Mag 14, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: changed
Confidentiality: low
Integrity: none
Availability: none

Description

AI Translation Available

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jira issues outside the configured project scope due to an integration filter functioning only as a display control rather than enforcing access boundaries as specified.

441

Unintended Proxy or Intermediary ('Confused Deputy')

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Non-Repudiation Access Control
Potential Impacts:
Gain Privileges Or Assume Identity Hide Activities Execute Unauthorized Code Or Commands
Applicable Platforms
All platforms may be affected
View CWE Details
https://about.gitlab.com/releases/2026/05/13/patch-release-…
https://about.gitlab.com/releases/2026/05/13/patch-release-gitlab-18-11-3-relea…
https://gitlab.com/gitlab-org/gitlab/-/work_items/591354
https://gitlab.com/gitlab-org/gitlab/-/work_items/591354
https://hackerone.com/reports/3566042
https://hackerone.com/reports/3566042