PT-2024-5516 · Gitlab · Gitlab Ce/Ee+1

Published 2024-08-07 · Updated 2024-08-29 · CVE-2024-7554

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

GitLab CE/EE versions 13.9 through 17.0.6
GitLab CE/EE versions 17.1 through 17.1.4
GitLab CE/EE versions 17.2 through 17.2.2
Description

An issue has been discovered in GitLab CE/EE where access tokens may have been logged when an API request was made in a specific manner. This is related to insufficient protection of service data when processing request parameters. Exploitation of this issue may allow a remote attacker to disclose protected information by sending specially crafted API requests.
Recommendations

For GitLab CE/EE versions 13.9 through 17.0.6, update to a version after 17.0.6 to resolve the issue.
For GitLab CE/EE versions 17.1 through 17.1.4, update to a version after 17.1.4 to resolve the issue.
For GitLab CE/EE versions 17.2 through 17.2.2, update to a version after 17.2.2 to resolve the issue.

As a temporary workaround, consider restricting access to API endpoints that may log access tokens until a patch is available.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2024-06165
BIT-GITLAB-2024-7554
CVE-2024-7554

Affected Products

Gitlab
Gitlab Ce/Ee