GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed sensitive information to be written to application logs due to insufficient filtering in a CI/CD API endpoint.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| GitLab | GitLab | unaffected |
|
No data.
No data.
No data.
Advisories
No advisories yet.
Fixes
Solution
Upgrade to versions 18.11.6, 19.0.3, 19.1.1 or above.
Workaround
No workaround given by the vendor.
References
History
Thu, 25 Jun 2026 05:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed sensitive information to be written to application logs due to insufficient filtering in a CI/CD API endpoint. | |
| Title | Insertion of Sensitive Information into Log File in GitLab | |
| First Time appeared |
Gitlab
Gitlab gitlab |
|
| Weaknesses | CWE-532 | |
| CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Gitlab
Gitlab gitlab |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: GitLab
Published:
Updated: 2026-06-25T04:34:04.042Z
Reserved: 2026-05-11T15:06:21.504Z
Link: CVE-2026-8330
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses