CVE-2024-11129

Published: Apr 10, 2025Modified: Aug 7, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue has been discovered in GitLab EE affecting all versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. This allows attackers to perform targeted searches with sensitive keywords to get the count of issues containing the searched term."

Affected (6)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 17.1.0 to 17.8.7
Gitlab Gitlab	From 17.10.0 to 17.10.4
Gitlab Gitlab	From 17.9.0 to 17.9.6
Gitlab Gitlab	From 17.1.0 to 17.8.6
Gitlab Gitlab	From 17.10.0 to 17.10.4
Gitlab Gitlab	From 17.9.0 to 17.9.6

Related CWEs

CWE-209

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (2)

https://gitlab.com/gitlab-org/gitlab/-/issues/503722

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/2717400

Source: cve@gitlab.com

Permissions Required

Timeline

No history available yet.