An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/#possible-access-token-exposure-in-gitlab-logs | Release Notes |
| https://gitlab.com/gitlab-org/gitlab/-/issues/489459 | Exploit Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
11 Jul 2025, 20:34
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Gitlab gitlab
Gitlab |
|
| References | () https://gitlab.com/gitlab-org/gitlab/-/issues/489459 - Exploit, Issue Tracking, Vendor Advisory | |
| References | () https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/#possible-access-token-exposure-in-gitlab-logs - Release Notes | |
| CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
09 Jan 2025, 07:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | ||
| Summary | An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner. |
08 Jan 2025, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-01-08 20:15
Updated : 2025-07-11 20:34
NVD link : CVE-2025-0194
Mitre link : CVE-2025-0194
JSON object : View
Products Affected
gitlab
- gitlab
CWE
No CWE.