Unrated severityNVD Advisory· Published Jan 8, 2025· Updated Jan 9, 2025
Insertion of Sensitive Information into Externally-Accessible File or Directory in GitLab
CVE-2025-0194
Description
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
13cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*range: 17.4
- (no CPE)range: >=17.4 <17.5.5
- osv-coords11 versionspkg:apk/chainguard/gitlab-base-fips-17.6pkg:apk/chainguard/gitlab-cng-fips-17.6pkg:apk/chainguard/gitlab-container-registry-fips-17.6pkg:apk/chainguard/gitlab-docker-machine-fips-17.7pkg:apk/chainguard/gitlab-elasticsearch-indexer-fips-17.6pkg:apk/chainguard/gitlab-logger-fips-17.6pkg:apk/chainguard/gitlab-runner-fips-17.7pkg:apk/chainguard/gitlab-runner-helper-fips-17.7pkg:apk/chainguard/gitlab-shell-fips-17.6pkg:apk/chainguard/gitlab-toolbox-fips-17.6pkg:bitnami/gitlab
< 17.6.5-r0+ 10 more
- (no CPE)range: < 17.6.5-r0
- (no CPE)range: < 17.6.5-r0
- (no CPE)range: < 17.6.5-r0
- (no CPE)range: < 17.7.1-r1
- (no CPE)range: < 17.6.5-r0
- (no CPE)range: < 17.6.5-r0
- (no CPE)range: < 17.7.1-r1
- (no CPE)range: < 17.7.1-r1
- (no CPE)range: < 17.6.5-r0
- (no CPE)range: < 17.6.5-r0
- (no CPE)range: >= 17.4.0, < 17.5.5
Patches
Vulnerability mechanics
References
2- gitlab.com/gitlab-org/gitlab/-/issues/489459mitreissue-trackingpermissions-required
- about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/mitre
News mentions
1- GitLab Patch Release: 17.7.1, 17.6.3, 17.5.5GitLab Security Releases · Jan 8, 2025