PT-2024-10156 · GitLab · GitLab CE/EE
Published 2024-12-06 · Updated 2025-07-11 · CVE-2024-12292
CVSS v3.1: 4.0 Medium
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 11.0 through 17.4.6
GitLab CE/EE versions 17.5 through 17.5.4
GitLab CE/EE versions 17.6 through 17.6.2
Description
The issue is in the GraphQL Mutation Handler component of the GitLab platform and can lead to the disclosure of sensitive information through log files. This may allow an attacker to gain unauthorized access to protected information. Sensitive information passed in GraphQL mutations may have been retained in GraphQL logs.
Recommendations
For GitLab CE/EE versions 11.0 through 17.4.6, upgrade to version 17.4.6 to secure your environment.
For GitLab CE/EE versions 17.5 through 17.5.4, upgrade to version 17.5.4 to secure your environment.
For GitLab CE/EE versions 17.6 through 17.6.2, upgrade to version 17.6.2 to secure your environment.
Exploit
Fix
Insertion into Log File
Weakness Enumeration
Related Identifiers
Affected Products
GitLab CE/EE