CVE-2026-2370 GitLab Jira Connect 漏洞，影响14.3-18.10.1

CVE-2026-2370 影响 GitLab CE/EE 中 Jira Connect 的安装，涉及从 14.3 到 18.8.7 之前的版本、18.9 到 18.9.3 之前的版本以及 18.10 到 18.10.1 之前的版本。该漏洞源于不正确的授权检查。具有工作区最小权限的经过身份验证的用户可能能够获取 Jira Connect 安装凭据，并可能冒充 GitLab 应用。这可能允许对 Jira 中敏感数据进行未经授权的访问、配置的篡改，甚至代表 GitLab 执行操作。该漏洞的严重程度在 CVSS 评分中为 8.1，表明存在一个需要立即关注的重要风险。

Organizations heavily reliant on GitLab Jira Connect for integration between their GitLab and Jira systems are at significant risk. This includes teams using shared Jira workspaces or those with overly permissive user roles within Jira Connect. Legacy GitLab installations running older versions (prior to 18.10.1) are particularly vulnerable.

• gitlab: Review GitLab audit logs for suspicious activity related to Jira Connect workspace access and credential retrieval. Look for users with limited permissions attempting to access sensitive configuration data.

gitlab-rails runner 'puts AuditEvent.where(action: 'read_connection').count'

• linux / server: Monitor system logs for unusual processes or connections related to the GitLab Jira Connect service. Use lsof or ss to identify any unexpected network activity.

lsof -i :8080 | grep jira

• generic web: Check GitLab instance configuration files for any signs of unauthorized modifications or suspicious entries related to Jira Connect credentials. • database (postgresql): Query the GitLab database for unusual access patterns or modifications to Jira Connect configuration tables. Use psql to inspect the database.

psql -U postgres -c "SELECT * FROM jira_connect_connections;"

1. 2026-03-29Disclosure

   disclosure

1. 已保留2026-02-11
2. 发布日期2026-03-29
3. 修改日期2026-03-30
4. EPSS 更新日期2026-04-06

为了减轻此风险，我们强烈建议升级到 GitLab 18.10.1 或更高版本。如果您使用的是 18.8.7 之前的版本，请升级到 18.8.7 或更高版本。如果您使用的是 18.9，请升级到 18.9.3 或更高版本。升级可以修复允许利用此漏洞的授权缺陷。请检查 Jira Connect 审计日志，以查找升级前可能发生的任何可疑活动。此外，请检查工作区中的用户权限，以确保应用最小权限原则。有关详细的升级说明，请参阅 GitLab 官方文档。