CVE-2024-7586 – GitLab EE Webhook Deletion Audit Log Authentication Credentials Disclosure

June 20, 2025

CVE ID : CVE-2024-7586

Published : June 20, 2025, 2:15 p.m. | 28 minutes ago

Description : An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials.

Severity: 4.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-32875 – COROS Bluetooth Pairing and Bonding Unencrypted Data Exfiltration

Next Article CVE-2024-53298 – Dell PowerScale OneFS NFS Export Missing Authorization Vulnerability

Automating Design Systems: Tips And Resources For Getting Started

OpenAI releases two open weight reasoning models

Accelerate tool adoption with a developer experimentation framework

UX Job Interview Helpers

Yes, you can edit video like a pro on Linux – here are my 4 go-to apps

I tried Perplexity’s new reservation feature, and it surprised me with new dining spots to try

Your Samsung TV is getting a huge feature upgrade – 3 AI tools launching right now

This multi-card reader is one of the best investments I’ve made for my creative workflow

Fluent Object Operations with Laravel’s Enhanced Helper Utilities

Fluent Object Operations with Laravel’s Enhanced Helper Utilities

Record and Replay Requests With Laravel ChronoTrace

How to Write Media Queries in Optimizely Configured Commerce (Spire)

Battlefield 6 Developers Confirm AI Bots Will Auto-fill Servers If Player Count Drops

Battlefield 6 Developers Confirm AI Bots Will Auto-fill Servers If Player Count Drops

Canon imageFORMULA R40 Driver for Windows 11, 10 (Download)

Microsoft to End Support for Visual Studio 2015 This October

CVE-2024-7586 – GitLab EE Webhook Deletion Audit Log Authentication Credentials Disclosure

ESET Threat Report H1 2025: ClickFix, infostealer disruptions, and ransomware deathmatch

CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence

Designers: We’ll all be design engineers in a year

CVE-2025-47935 – Multer Resource Exhaustion and Memory Leak Vulnerability

I found an AirTag wallet that’s functional, relatively affordable, and looks fantastic

Strategic Cloud Partner: Key to Business Success, Not Just Tech

Atla AI Introduces the Atla MCP Server: A Local Interface of Purpose-Built LLM Judges via Model Context Protocol (MCP)

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

Actively Exploited Qualcomm GPU Zero-Days Added to CISA’s KEV Catalog

CVE-2025-46742 – Oracle WebLogic Server Authentication Bypass

CVE-2024-7586 – GitLab EE Webhook Deletion Audit Log Authentication Credentials Disclosure

Related Posts