Description
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue titles created in public projects under certain circumstances.
Published: 2026-03-12
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Disclosure of Confidential Issue Titles
Action: Apply Patch
AI Analysis

Impact

In the affected versions, GitLab CE/EE could let an authenticated user read the titles of confidential issues created in public projects under specific conditions. The weakness is tracked as CWE-212, Improper Removal of Sensitive Information Before Storage or Transfer: the class of bug in which sensitive data is not stripped before it is stored or sent to a less trusted context. Only confidentiality is affected (CVSS C:L, I:N, A:N): an attacker holding valid user credentials gains unauthorized read access to issue titles that were intended to remain private, while the integrity and availability of the project are untouched.

Affected Systems

All GitLab Community Edition and Enterprise Edition versions from 8.14 up to, but not including, 18.7.6, from 18.8 up to, but not including, 18.8.6, and from 18.9 up to, but not including, 18.9.2 are affected. This includes all community and enterprise releases listed in the supplied CPEs.

Risk and Exploitability

The CVSS v3.1 base score is 4.3 (Medium), vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N: the issue is reachable over the network with low attack complexity and no user interaction, but it requires low privileges (any authenticated account) and its only impact is a limited loss of confidentiality. The EPSS score is below 1%, suggesting a low likelihood of exploitation in the wild; the vulnerability is not listed in the CISA KEV catalog; and the SSVC assessment records Exploitation: none, Automatable: no, Technical Impact: partial. Because a legitimate authenticated session is required, the risk is bounded to accounts that can log in to the instance. Note that on instances which allow self-service registration that includes any registered user, not only project members, so the threat is most significant for organizations that keep public projects containing confidential issues with sensitive titles.

Generated by OpenCVE AI on March 18, 2026 at 14:47 UTC.

Remediation

Vendor Solution

Upgrade to versions 18.7.6, 18.8.6, 18.9.2 or above.
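As an added example (not OpenCVE's or GitLab's code), the checker below applies the three affected ranges from the advisory to an installed version string and reports whether the instance needs the patch and which release on its line is the minimum upgrade target. The inventory at the bottom is constructed sample data with placeholder hostnames, and the `triage` helper is this example's own; on a real instance the version string comes from the admin area or the authenticated `GET /api/v4/version` API.

```python
"""Check installed GitLab versions against the CVE-2026-1182 affected ranges.

Added example; not OpenCVE's or GitLab's code. Ranges come from the advisory
text; the inventory under __main__ is constructed sample data.
"""
from typing import Dict, Optional, Tuple

# Per release line: (first affected version, first fixed version), i.e.
# 8.14 <= v < 18.7.6, 18.8 <= v < 18.8.6 and 18.9 <= v < 18.9.2.
AFFECTED_RANGES = [
    ("8.14", "18.7.6"),
    ("18.8", "18.8.6"),
    ("18.9", "18.9.2"),
]


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '18.7.5', '18.8' or '18.9.1-ee' into a comparable (major, minor, patch).

    GitLab appends '-ee' to Enterprise Edition versions; CE and EE are equally
    affected, so the suffix is dropped. A missing patch component means .0,
    which is how the advisory's '18.8' lower bound must be read.
    """
    core = text.strip().split("-", 1)[0]
    parts = [int(p) for p in core.split(".")]
    if not 2 <= len(parts) <= 3:
        raise ValueError(f"unexpected GitLab version format: {text!r}")
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def check_version(installed: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, fixed_version).

    fixed_version is the patch release on the same line that closes the issue
    (the minimum upgrade target), or None when the version is not affected.
    The three ranges are disjoint, so at most one can match.
    """
    v = parse_version(installed)
    for lower, fixed in AFFECTED_RANGES:
        if parse_version(lower) <= v < parse_version(fixed):
            return True, fixed
    return False, None


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> action for a {host: version} inventory (helper of this example)."""
    actions = {}
    for host, version in inventory.items():
        affected, fixed = check_version(version)
        actions[host] = f"upgrade to {fixed} or later" if affected else "not affected"
    return actions


if __name__ == "__main__":
    # Constructed sample inventory; hostnames are placeholders.
    sample = {
        "git-a.example.internal": "18.7.5-ee",
        "git-b.example.internal": "18.8.6",
        "git-c.example.internal": "18.9.1",
        "git-d.example.internal": "17.11.3",
    }
    for host, action in triage(sample).items():
        print(f"{host}: {action}")
```

Two edge cases worth noticing: 18.7.6 and 18.7.7 fall in the gap between the first range's upper bound and the second range's lower bound and are correctly reported as not affected, and an old line such as 17.11.x is affected with 18.7.6 as its minimum target, since the advisory publishes no backport below 18.7.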


OpenCVE Recommended Actions

  • Upgrade GitLab to version 18.7.6, 18.8.6, or 18.9.2 or later.

Generated by OpenCVE AI on March 18, 2026 at 14:47 UTC.

Advisories

No advisories yet.

History

Fri, 13 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Thu, 12 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Mar 2026 02:00:00 +0000

Type Values Removed Values Added
Description GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain circumstances.
Title Improper Removal of Sensitive Information Before Storage or Transfer in GitLab
First Time appeared Gitlab
Gitlab gitlab
Weaknesses CWE-212
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Vendors & Products Gitlab
Gitlab gitlab
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-03-12T13:25:11.338Z

Reserved: 2026-01-19T12:05:43.671Z

Link: CVE-2026-1182

cve-icon Vulnrichment

Updated: 2026-03-12T13:25:06.786Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-12T02:15:58.433

Modified: 2026-03-13T13:20:51.587

Link: CVE-2026-1182

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T15:36:17Z

Weaknesses