{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2104", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2026-02-06T14:04:19.833Z", "datePublished": "2026-04-08T22:25:47.858Z", "dateUpdated": "2026-04-09T15:43:25.441Z"}, "containers": {"cna": {"title": "Authorization Bypass Through User-Controlled Key in GitLab", "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "versions": [{"version": "18.2", "status": "affected", "lessThan": "18.8.9", "versionType": "semver"}, {"version": "18.9", "status": "affected", "lessThan": "18.9.5", "versionType": "semver"}, {"version": "18.10", "status": "affected", "lessThan": "18.10.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "cweId": "CWE-639", "type": "CWE"}]}], "references": [{"url": "https://hackerone.com/reports/3541476", "name": "HackerOne Bug Bounty Report #3541476", "tags": ["technical-description", "exploit", "permissions-required"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/589021"}, {"url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 18.8.9, 18.9.5, 18.10.3 or above."}], "credits": [{"lang": "en", "value": "Thanks [ahacker1](https://hackerone.com/ahacker1) for reporting this vulnerability through our HackerOne bug bounty program", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-04-08T22:25:47.858Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-09T15:43:15.918452Z", "id": "CVE-2026-2104", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T15:43:25.441Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2104", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-09T15:43:15.918452Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T15:43:21.363Z"}}], "cna": {"title": "Authorization Bypass Through User-Controlled Key in GitLab", "credits": [{"lang": "en", "type": "finder", "value": "Thanks [ahacker1](https://hackerone.com/ahacker1) for reporting this vulnerability through our HackerOne bug bounty program"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "vendor": "GitLab", "product": "GitLab", "versions": [{"status": "affected", "version": "18.2", "lessThan": "18.8.9", "versionType": "semver"}, {"status": "affected", "version": "18.9", "lessThan": "18.9.5", "versionType": "semver"}, {"status": "affected", "version": "18.10", "lessThan": "18.10.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 18.8.9, 18.9.5, 18.10.3 or above."}], "references": [{"url": "https://hackerone.com/reports/3541476", "name": "HackerOne Bug Bounty Report #3541476", "tags": ["technical-description", "exploit", "permissions-required"]}, {"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/589021"}, {"url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/"}], "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-04-08T22:25:47.858Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2104", "state": "PUBLISHED", "dateUpdated": "2026-04-09T15:43:25.441Z", "dateReserved": "2026-02-06T14:04:19.833Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2026-04-08T22:25:47.858Z", "assignerShortName": "GitLab"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks."}], "id": "CVE-2026-2104", "lastModified": "2026-04-08T23:16:58.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2026-04-08T23:16:58.393", "references": [{"source": "cve@gitlab.com", "url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/"}, {"source": "cve@gitlab.com", "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/589021"}, {"source": "cve@gitlab.com", "url": "https://hackerone.com/reports/3541476"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "cve@gitlab.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[18.2,18.8.9)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[18.9,18.9.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[18.10,18.10.3)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "GitLab", "source": "cna", "vendor": "GitLab"}, "product": "gitlab", "vendor": "gitlab"}], "analysis": {"en": {"generated_at": "2026-04-08T23:51:29.657035+00:00", "value": {"mitigation_remediation": ["Upgrade to GitLab CE/EE 18.8.9, 18.9.5, 18.10.3 or later.", "Verify that the upgrade has been applied by checking the GitLab version.", "Validate that CSV export no longer returns confidential issue data for unauthorized users."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized access to confidential issue data via CSV export"}, "threat_synthesis": {"affected_systems": "GitLab Community Edition and Enterprise Edition releases from 18.2 up to before 18.8.9, from 18.9 up to before 18.9.5, and from 18.10 up to before 18.10.3 are vulnerable. Deployments running any of those versions are at risk.", "description_and_impact": "The vulnerability originates from missing authorization checks in the CSV export endpoint for issues. An authenticated user can trigger the export and retrieve issue data that includes confidential information tied to other users. This flaw results in unauthorized disclosure of sensitive issue content, a breach of confidentiality, and is characterized as an authorization bypass (CWE\u2011639). No compromise of integrity or availability is directly described.", "risk_and_exploitability": "The CVSS base score of 4.3 indicates moderate severity. Exploit probability is not provided by EPSS, and the flaw does not appear in the CISA KEV catalog. An attacker must first authenticate to the GitLab instance to use the CSV export feature, so the potential vector is internal or compromised accounts. If successful, the attacker can drain confidential issue data, but no full system compromise is described."}}}}, "created": "2026-04-09T08:16:12.620878+00:00", "updated": "2026-04-09T08:25:38.421248+00:00", "vendors": ["gitlab", "gitlab$PRODUCT$gitlab"]}