Note:
This project will be discontinued after December 13, 2021. [more]
2019-07-10
GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token.
| Products | Gitlab |
| Type | Information Exposure Through Log Files (CWE-532) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
• https://gitlab.com/gitlab-org/gitlab-workhorse/issues/182 • http://www.securityfocus.com/bid/109166 |