Home
MEDIUM: 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NDefault status
unaffected
11.0 (semver) before 17.4.6
affected
17.5 (semver) before 17.5.4
affected
17.6 (semver) before 17.6.2
affected
Description
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs.
Problem types
CWE-532: Insertion of Sensitive Information into Log File
Product status
11.0 (semver) before 17.4.6
17.5 (semver) before 17.5.4
17.6 (semver) before 17.6.2
Credits
This issue was discovered internally by GitLab team member [Radamanthus Batnag](https://gitlab.com/radbatnag).
References
gitlab.com/gitlab-org/gitlab/-/issues/475211 (GitLab Issue #475211)