vulnerability
Gitlab Gitlab: CVE-2018-19583: Insertion of Sensitive Information into Log File
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Jul 10, 2019 | Apr 22, 2025 | Mar 25, 2026 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
Jul 10, 2019
Added
Apr 22, 2025
Modified
Mar 25, 2026
Description
GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token.
Solution
gitlab-gitlab-upgrade-latest
References
- CWE-532
- CVE-2018-19583
- https://attackerkb.com/topics/CVE-2018-19583
- http://www.securityfocus.com/bid/109166
- https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
- https://gitlab.com/gitlab-org/gitlab-workhorse/issues/182
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-11272
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.