CVE-2025-0194

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/#possible-access-token-exposure-in-gitlab-logs	Release Notes
https://gitlab.com/gitlab-org/gitlab/-/issues/489459	Exploit Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

History

11 Jul 2025, 20:34

Type	Values Removed	Values Added
First Time		Gitlab gitlab Gitlab
CPE		cpe:2.3:a:gitlab:gitlab:::::community:::* cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
References	~~() https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/#possible-access-token-exposure-in-gitlab-logs -~~	() https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/#possible-access-token-exposure-in-gitlab-logs - Release Notes
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/489459 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/489459 - Exploit, Issue Tracking, Vendor Advisory
Summary		(es) Se descubrió un problema en GitLab CE/EE que afectaba a todas las versiones a partir de la 17.4 anterior a la 17.5.5, a partir de la 17.6 anterior a la 17.6.3 y a partir de la 17.7 anterior a la 17.7.1. En determinadas circunstancias, es posible que se hayan registrado tokens de acceso cuando se realizaron solicitudes de API de una manera específica.

09 Jan 2025, 07:15

Type	Values Removed	Values Added
Summary	(en) An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.1, starting from 17.6 prior to 17.6.1, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner.	(en) An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner.

08 Jan 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-08 20:15

Updated : 2025-07-11 20:34

NVD link : CVE-2025-0194

Mitre link : CVE-2025-0194

CVE.ORG link : CVE-2025-0194

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-538

Insertion of Sensitive Information into Externally-Accessible File or Directory

6.5 /10