CVE-2025-0194

Published: Jan 8, 2025Modified: Jul 11, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Exploitability: 1.2 / Impact: 5.2

Source: cve@gitlab.com (Secondary)

Description

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner.

Affected (6)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 17.4.0 to 17.5.5
Gitlab Gitlab	From 17.6.0 to 17.6.3
Gitlab Gitlab	From 17.7.0 to 17.7.1
Gitlab Gitlab	From 17.4.0 to 17.5.5
Gitlab Gitlab	From 17.6.0 to 17.6.3
Gitlab Gitlab	From 17.7.0 to 17.7.1

Related CWEs

CWE-538

Insertion of Sensitive Information into Externally-Accessible File or Directory

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

References (2)

https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/#possible-access-token-exposure-in-gitlab-logs

Source: cve@gitlab.com

Release Notes

https://gitlab.com/gitlab-org/gitlab/-/issues/489459

Source: cve@gitlab.com

ExploitIssue TrackingVendor Advisory

Timeline

No history available yet.