Unrated severityNVD Advisory· Published Nov 9, 2022· Updated May 1, 2025

CVE-2022-2761

Description

An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown (GFM) references in a Jira issue to disclose the names of resources they don't have access to.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

GitLab CE/EE 14.4-15.5.1 leaks private resource names via GFM references in Jira issue descriptions, allowing unauthorized disclosure.

Vulnerability

The vulnerability resides in GitLab's Jira integration, where GitLab Flavored Markdown (GFM) references in Jira issue descriptions are rendered without redaction. Affected versions are GitLab CE/EE from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. An attacker can embed a GFM reference to a private or confidential resource (e.g., an issue in a private project) in a Jira issue description. When that Jira issue is viewed in GitLab, the reference is rendered as a link, revealing the resource's title to unauthorized users. [1]

Exploitation

An attacker needs a GitLab account with a premium subscription (free trial works) and access to a Jira server (cloud or self-managed). The attacker configures the Jira integration in a GitLab project, then creates a Jira issue with a description containing a GFM reference to a private resource (e.g., victim/project-a#1). When the attacker views that Jira issue in GitLab (via Issues/Jira issues), the reference is rendered. By inspecting the link's source or hovering, the attacker can see the title of the referenced resource, thus disclosing information they should not have access to. [1]

Impact

Successful exploitation allows an attacker to discover the names (titles) of private or confidential GitLab resources, such as issues in private projects, that they are not authorized to view. This is an information disclosure vulnerability that compromises confidentiality. The attacker does not gain write access or code execution, but can infer sensitive project activity. [1]

Mitigation

GitLab released fixed versions: 15.3.5, 15.4.4, and 15.5.2 on 2022-11-09. Users should upgrade to these or later versions. No workaround is available; the fix redacts GFM references in Jira issue descriptions. The vulnerability is not listed in CISA KEV as of this writing. [1]

References

Arbitrary GFM references rendered in Jira issue description leak private/confidential resources (#370458) · Issues · GitLab.org / GitLab · GitLab

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

GitLab Inc./CE/EEllm-fuzzy
Range: >=14.4 <15.3.5, >=15.4 <15.4.4, >=15.5 <15.5.2
osv-coords
pkg:bitnami/gitlab
Range: >= 13.9.0, < 15.3.5
GitLab Inc./GitLabv5
Range: >=13.9, <15.3.5

Patches

No patches discovered yet.

Vulnerability mechanics

Root cause

"Missing access-control redaction in the JiraGfmPipeline allows GFM references to be rendered without checking whether the referencing user has permission to view the referenced resource."

Attack vector

An attacker with a GitLab premium subscription configures the Jira integration in a project, then creates a Jira issue whose description contains GitLab Flavored Markdown (GFM) references (e.g., `victim/project-a#1`) pointing to private or confidential resources. When the attacker views that Jira issue inside GitLab, the `JiraGfmPipeline` renders the GFM references without redacting them, disclosing the title (and existence) of resources the attacker should not be able to access [ref_id=1]. The attacker can systematically enumerate issue numbers (e.g., starting from 1 of `gitlab-org/gitlab`) to leak titles of private or confidential issues and merge requests.

Affected code

The vulnerability lies in the `JiraGfmPipeline` pipeline, which renders Jira issue descriptions using GFM but does not redact references to private or confidential resources [ref_id=1]. No specific file paths or function names are provided in the advisory.

What the fix does

No patch is included in the bundle. The advisory [ref_id=1] indicates the vulnerability was reported via HackerOne and assigned to GitLab engineer @ngeorge1. Based on the description, the remediation would require the `JiraGfmPipeline` to apply the same access-control redaction logic that other GFM rendering pipelines use, so that references to private or confidential resources are not expanded for unauthorized viewers. The fix was released in GitLab versions 15.3.5, 15.4.4, and 15.5.2.

Preconditions

configAttacker must have a GitLab premium subscription (or free trial) to enable the Jira integration.
configAttacker must have access to a Jira server (cloud or self-managed) and configure the Jira integration in a GitLab project.
inputAttacker must create a Jira issue whose description contains GFM references (e.g., `namespace/project#issue_number`) to private or confidential resources.

Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000