Webhook Deletion Audit Log Vulnerability in GitLab EE
CVE-2024-7586

4.1MEDIUM

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 20 June 2025

What is CVE-2024-7586?

A vulnerability has been identified in GitLab EE affecting multiple versions where the webhook deletion audit log improperly preserves authentication credentials. This flaw poses a risk of unauthorized access, as sensitive credentials may remain accessible after webhook deletions. Users should review their audit logs and confirm that no residual information could be exploited.

Affected Version(s)

GitLab 17.0 < 17.0.6

GitLab 17.1 < 17.1.4

GitLab 17.2 < 17.2.2

References

https://gitlab.com/gitlab-org/gitlab/-/issues/463866

issue-trackingpermissions-required

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 20, 2025
Vulnerability Reserved
Aug 7, 2024

Credit

This vulnerability was discovered internally by GitLab Team [Anton Smith](https://gitlab.com/anton).