Webhook Deletion Audit Log Vulnerability in GitLab EE
CVE-2024-7586

7.5HIGH

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 20 June 2025

What is CVE-2024-7586?

A vulnerability has been identified in GitLab EE affecting multiple versions where the webhook deletion audit log improperly preserves authentication credentials. This flaw poses a risk of unauthorized access, as sensitive credentials may remain accessible after webhook deletions. Users should review their audit logs and confirm that no residual information could be exploited.

Affected Version(s)

GitLab 17.0 < 17.0.6

GitLab 17.1 < 17.1.4

GitLab 17.2 < 17.2.2

References

https://gitlab.com/gitlab-org/gitlab/-/issues/463866

issue-trackingpermissions-required

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 20, 2025
Vulnerability Reserved
Aug 7, 2024

Credit

This vulnerability was discovered internally by GitLab Team [Anton Smith](https://gitlab.com/anton).

Gitlab

What is CVE-2024-7586?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit