CVE-2024-7586 – GitLab EE Webhook Deletion Audit Log Authentication Credentials Disclosure

June 20, 2025

CVE ID : CVE-2024-7586

Published : June 20, 2025, 2:15 p.m. | 28 minutes ago

Description : An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials.

Severity: 4.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-32875 – COROS Bluetooth Pairing and Bonding Unencrypted Data Exfiltration

Next Article CVE-2024-53298 – Dell PowerScale OneFS NFS Export Missing Authorization Vulnerability

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

IBM launches new integration to help unify AI security and governance

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

Borderlands 4 is killing off a tired “FOMO” trend — I hope other developers follow suit

Dr. Axel’s JavaScript flashcards

Dr. Axel’s JavaScript flashcards

Syntax-Highlight – Custom Element For Syntax Highlighting Content

WelsonJS – Build a Windows app on the Windows built-in JavaScript engine

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

CVE-2024-7586 – GitLab EE Webhook Deletion Audit Log Authentication Credentials Disclosure

CVE-2025-49763: Apache Traffic Server Vulnerability Enables Memory Exhaustion Attacks

IBM QRadar SIEM Exposed by Trio of Security Flaws, Including Critical Command Execution Bug

Critical Vulnerabilities in Quick Agent Software Expose Ricoh MFPs to Remote Attacks

YouTube app for Xbox, PlayStation, and Smart TVs gets a refreshing update that fixes a frustrating flaw

Zero Gravity Tears: Welcome to the Future

CVE-2025-46350 – YesWiki Reflected Cross-Site Scripting Vulnerability

CVE-2025-44895 – D-Link FW-WGS-804HPT Stack Overflow Vulnerability

With Copilot Avatar, Microsoft will finally bring Clippy back

CVE-2025-46786 – Zoom Workplace Apps XML External Entity (XXE) Injection Vulnerability

CVE-2025-3050 – IBM Db2 CPU Resource Allocation Denial of Service

CVE-2024-7586 – GitLab EE Webhook Deletion Audit Log Authentication Credentials Disclosure

Related Posts