CVE-2018-19583

Published: Jul 10, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token.

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 11.4.0 to 11.4.8
Gitlab Gitlab	From 11.5.0 to 11.5.1
Gitlab Gitlab	From 8.0.0 to 11.3.11
Gitlab Gitlab	From 11.4.0 to 11.4.8
Gitlab Gitlab	From 11.5.0 to 11.5.1
Gitlab Gitlab	From 8.0.0 to 11.3.11

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (6)

http://www.securityfocus.com/bid/109166

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/

Source: cve@mitre.org

Broken LinkRelease NotesVendor Advisory

https://gitlab.com/gitlab-org/gitlab-workhorse/issues/182

Source: cve@mitre.org

Issue TrackingVendor Advisory

http://www.securityfocus.com/bid/109166

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkRelease NotesVendor Advisory

https://gitlab.com/gitlab-org/gitlab-workhorse/issues/182

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.