CVE-2024-12292: Insertion of Sensitive Information into Log File in GitLab

4.0 CVSS

Description

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs.

Classification

CVE ID: CVE-2024-12292

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.0

Affected Products

Vendor: GitLab

Product: GitLab

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.48% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://gitlab.com/gitlab-org/gitlab/-/issues/475211

Timeline

2024-12-13 00:30:30 UTC
CVE

Insertion of Sensitive Information into Log File in GitLab