Access Tokens May Have Been Logged in Certain Conditions
CVE-2024-7554
6.5MEDIUM
Summary
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made in a specific manner.
Affected Version(s)
GitLab < 17.0.6
GitLab < 17.1.4
GitLab < 17.2.2
Refferences
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
This vulnerability was discovered internally by GitLab team member [Dominic Couture](https://gitlab.com/dcouture).