CVE-2024-12292

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-12292
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12292.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-12292
Aliases
Downstream
Related
Published
2024-12-12T11:30:39.823Z
Modified
2026-04-10T05:08:25.266553Z
Severity
  • 4.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Insertion of Sensitive Information into Log File in GitLab
Details

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs.

Database specific 
{
    "cwe_ids": [
        "CWE-532"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/12xxx/CVE-2024-12292.json",
    "cna_assigner": "GitLab"
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
c6f72ac9a88521257991aa9a0cc6d558126f5bb9
Fixed
25a55583bbcf724ad625848d48a529467e7c7097
Database specific 
{
    "versions": [
        {
            "introduced": "11.0"
        },
        {
            "fixed": "17.4.6"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
173959793c1163052d16c2158773ea9504aa712e
Fixed
0397324ed14bb7f0ede422841d713fd22349302f
Database specific 
{
    "versions": [
        {
            "introduced": "17.5"
        },
        {
            "fixed": "17.5.4"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
a8830741d3c4ad7f6a70eed38ee7af31f298d093
Fixed
6ff444aad3a327c384b0859be326d042dde090ee
Database specific 
{
    "versions": [
        {
            "introduced": "17.6"
        },
        {
            "fixed": "17.6.2"
        }
    ]
}

Affected versions

v17.*
v17.5.0-ee
v17.6.0-ee
v17.6.2-rc30-ee
v17.6.2-rc31-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12292.json"