Access Token Exposure in GitLab Workhorse Logs

CVE-2018-19583 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token.
