CVE-2026-1182

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain circumstances.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/work_items/586613	Broken Link
https://hackerone.com/reports/3515716	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

History

13 Mar 2026, 13:20

Type	Values Removed	Values Added
References	~~() https://gitlab.com/gitlab-org/gitlab/-/work_items/586613 -~~	() https://gitlab.com/gitlab-org/gitlab/-/work_items/586613 - Broken Link
References	~~() https://hackerone.com/reports/3515716 -~~	() https://hackerone.com/reports/3515716 - Permissions Required
First Time		Gitlab Gitlab gitlab
CPE		cpe:2.3:a:gitlab:gitlab:::::enterprise:::* cpe:2.3:a:gitlab:gitlab:::::community:::*

12 Mar 2026, 21:07

Type	Values Removed	Values Added
Summary		(es) GitLab ha remediado un problema en GitLab CE/EE que afecta a todas las versiones desde la 8.14 anteriores a la 18.7.6, la 18.8 anteriores a la 18.8.6, y la 18.9 anteriores a la 18.9.2 que podría haber permitido a un usuario autenticado obtener acceso no autorizado al título de un problema confidencial creado en proyectos públicos bajo ciertas circunstancias.

12 Mar 2026, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-12 02:15

Updated : 2026-03-13 13:20

NVD link : CVE-2026-1182

Mitre link : CVE-2026-1182

CVE.ORG link : CVE-2026-1182

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-212

Improper Removal of Sensitive Information Before Storage or Transfer

{"id": "CVE-2026-1182", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2026-03-12T02:15:58.433", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/586613", "tags": ["Broken Link"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/3515716", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-212"}]}], "descriptions": [{"lang": "en", "value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain circumstances."}, {"lang": "es", "value": "GitLab ha remediado un problema en GitLab CE/EE que afecta a todas las versiones desde la 8.14 anteriores a la 18.7.6, la 18.8 anteriores a la 18.8.6, y la 18.9 anteriores a la 18.9.2 que podr\u00eda haber permitido a un usuario autenticado obtener acceso no autorizado al t\u00edtulo de un problema confidencial creado en proyectos p\u00fablicos bajo ciertas circunstancias."}], "lastModified": "2026-03-13T13:20:51.587", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "770437A8-2C1C-4D95-A6A9-25C2F337B0D7", "versionEndExcluding": "18.7.6", "versionStartIncluding": "8.14.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "19BFB4A2-0CAE-47F6-9081-9E3400ED218C", "versionEndExcluding": "18.7.6", "versionStartIncluding": "8.14.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "B703CB01-7F6D-4D6E-AE88-CF2F8012CA27", "versionEndExcluding": "18.8.6", "versionStartIncluding": "18.8.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "2B1F834B-A628-4894-A531-1A2A60DD58D7", "versionEndExcluding": "18.8.6", "versionStartIncluding": "18.8.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "44EAE9A6-5ED9-42F6-9BBD-0E2F8072F0D9", "versionEndExcluding": "18.9.2", "versionStartIncluding": "18.9.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "12A2DEC0-C471-4C98-960C-405209403AB9", "versionEndExcluding": "18.9.2", "versionStartIncluding": "18.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}