VDB

CVE-2024-12292

CVE-2024-12292 PUBLISHED

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs.

EPSS 0.02% · 6.0th percentile

Risk Scores

EPSS Score
0.02%
6.0th percentile

Affected Products

VendorProductVersions
Bitnamigitlab11.0.0, 17.5.0, 17.6.0
Bitnamigitlab17.5.0, 17.6.0, 11.0.0

Timeline

  • Jan 21, 1970 Security Advisory
  • Dec 10, 2024 CVE Published
  • Dec 11, 2024 PoC Published
  • Dec 12, 2024 PoC Published
  • Dec 13, 2024 EPSS Score
  • Dec 30, 2024 EPSS Score
  • Jan 15, 2025 EPSS Score
  • Feb 1, 2025 EPSS Score
  • Feb 17, 2025 EPSS Score
  • Mar 6, 2025 EPSS Score
  • Mar 23, 2025 EPSS Score
  • Apr 2, 2025 Coalition ESS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›