An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs.
History

Wed, 18 Sep 2024 19:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Fri, 13 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Sep 2024 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Sep 2024 18:45:00 +0000

Type Values Removed Values Added
Description An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs.
Title Insertion of Sensitive Information into Log File in GitLab
First Time appeared Gitlab
Gitlab gitlab
Weaknesses CWE-532
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Vendors & Products Gitlab
Gitlab gitlab
References
Metrics cvssV3_1

{'score': 4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-09-12T18:26:38.059Z

Updated: 2024-09-13T14:17:33.408Z

Reserved: 2024-05-03T19:01:56.920Z

Link: CVE-2024-4472

cve-icon Vulnrichment

Updated: 2024-09-13T14:17:33.408Z

cve-icon NVD

Status : Modified

Published: 2024-09-12T19:15:04.233

Modified: 2024-11-21T09:42:53.583

Link: CVE-2024-4472

cve-icon Redhat

No data.