CVE-2024-4472

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-4472

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-4472.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-4472

Aliases

BIT-gitlab-2024-4472

Related

UBUNTU-CVE-2024-4472

Published

2024-09-12T19:15:04Z

Modified

2024-10-07T23:30:58Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

fc87c9d4cca1536abcf902b4128f5c2004d87162

Fixed

84cf95d60d2691201b17bb4d41a95987ded847fb