CVE-2024-7554
Exposure of Sensitive Information to an Unauthorized Actor in GitLab
6.5
MEDIUM
CVSS 3.1
EPSS 0.05%
Description
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made in a specific manner.
How to fix CVE-2024-7554
To remediate CVE-2024-7554, upgrade the affected package to a fixed version below.
- —upgrade to 17.0.6 or later
Is CVE-2024-7554 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 13.9.0, < 17.0.6, >= 17.1.0, < 17.1.4, >= 17.2.0, < 17.2.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |