CVE-2025-13611
Insertion of Sensitive Information into Log File in GitLab
CVSS Score
2.0
EPSS Score
0.0%
EPSS Percentile
3th
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.5.5 and 18.6 before 18.6.3 that could have allowed an authenticated user with access to certain logs to obtain sensitive tokens under specific conditions.
| CWE | CWE-532 |
| Vendor | gitlab |
| Product | gitlab |
| Ecosystems | |
| Industries | Technology |
| Published | Nov 26, 2025 |
| Last Updated | Mar 31, 2026 |
Stay Ahead of the Next One
Get instant alerts for gitlab gitlab
Be the first to know when new low vulnerabilities affecting gitlab gitlab are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Affected Versions
GitLab / GitLab
13.2 < 18.5.5 18.6 < 18.6.3