{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-7586","assignerOrgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","state":"PUBLISHED","assignerShortName":"GitLab","dateReserved":"2024-08-07T08:02:18.822Z","datePublished":"2025-06-20T13:58:37.159Z","dateUpdated":"2025-06-20T14:53:39.330Z"},"containers":{"cna":{"title":"Insertion of Sensitive Information into Log File in GitLab","descriptions":[{"lang":"en","value":"An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where the webhook deletion audit log preserved auth credentials."}],"affected":[{"vendor":"GitLab","product":"GitLab","repo":"git://git@gitlab.com:gitlab-org/gitlab.git","cpes":["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"],"versions":[{"version":"17.0","status":"affected","lessThan":"17.0.6","versionType":"semver"},{"version":"17.1","status":"affected","lessThan":"17.1.4","versionType":"semver"},{"version":"17.2","status":"affected","lessThan":"17.2.2","versionType":"semver"}],"defaultStatus":"unaffected"}],"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-532: Insertion of Sensitive Information into Log File","cweId":"CWE-532","type":"CWE"}]}],"references":[{"url":"https://gitlab.com/gitlab-org/gitlab/-/issues/463866","name":"GitLab Issue #463866","tags":["issue-tracking","permissions-required"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.1,"baseSeverity":"MEDIUM"}}],"solutions":[{"lang":"en","value":"Upgrade to versions 17.2.2, 17.1.4, 17.0.6 or above."}],"credits":[{"lang":"en","value":"This vulnerability was discovered internally by GitLab team member [Anton Smith](https://gitlab.com/anton).","type":"finder"}],"providerMetadata":{"orgId":"ceab7361-8a18-47b1-92ba-4d7d25f6715a","shortName":"GitLab","dateUpdated":"2025-06-20T13:58:37.159Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-06-20T14:52:57.204671Z","id":"CVE-2024-7586","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-20T14:53:39.330Z"}}]}}