An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/475211 |
History
Thu, 12 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 12 Dec 2024 11:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs. | |
Title | Insertion of Sensitive Information into Log File in GitLab | |
First Time appeared |
Gitlab
Gitlab gitlab |
|
Weaknesses | CWE-532 | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
Vendors & Products |
Gitlab
Gitlab gitlab |
|
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-12-12T11:30:39.823Z
Updated: 2024-12-12T15:44:52.213Z
Reserved: 2024-12-05T23:02:19.825Z
Link: CVE-2024-12292
Vulnrichment
Updated: 2024-12-12T15:21:19.550Z
NVD
Status : Received
Published: 2024-12-12T12:15:22.470
Modified: 2024-12-12T12:15:22.470
Link: CVE-2024-12292
Redhat
No data.