Description
GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token.
References (3)
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://gitlab.com/gitlab-org/gitlab-workhorse/issues/182
Broken Link, Release Notes, Vendor Advisory x_refsource_confirm
https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/109166
Scores
CVSS v3
6.5
EPSS
0.0014
EPSS Percentile
33.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-532
Status
published
Products (1)
gitlab/gitlab
8.0.0 - 11.3.11 (2 CPE variants)
Published
Jul 10, 2019
Tracked Since
Feb 18, 2026