CVE-2026-8330

MEDIUM

Insertion of Sensitive Information into Log File in GitLab

Title source: cna
STIX 2.1

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed sensitive information to be written to application logs due to insufficient filtering in a CI/CD API endpoint.

Scores

CVSS v3 4.4
EPSS 0.0013
EPSS Percentile 3.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-532
Status published
Products (5)
gitlab/gitlab 19.1.0
GitLab/GitLab 19.0 - 19.0.3
GitLab/GitLab 19.1 - 19.1.1
GitLab/GitLab 9.3 - 18.11.6
gitlab/gitlab 9.3.0 - 18.11.6
Published Jun 25, 2026
Tracked Since Jun 25, 2026