CVE-2024-7554

MEDIUM

Gitlab < 17.0.6 - Information Disclosure

Title source: rule

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made in a specific manner.

References (1)

[Broken Link] https://gitlab.com/gitlab-org/gitlab/-/issues/471555

Scores

CVSS v3 4.9

EPSS 0.0005

EPSS Percentile 14.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (2)

gitlab/gitlab < 17.0.6

Timeline

Published Aug 08, 2024

Tracked Since Feb 18, 2026