CVE-2024-12380

Published: Mar 13, 2025Modified: Aug 6, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could potentially expose sensitive authentication information.

Affected (6)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 11.5.0 to 17.7.7
Gitlab Gitlab	From 17.8.0 to 17.8.5
Gitlab Gitlab	From 17.9.0 to 17.9.2
Gitlab Gitlab	From 11.5.0 to 17.7.7
Gitlab Gitlab	From 17.8.0 to 17.8.5
Gitlab Gitlab	From 17.9.0 to 17.9.2

Related CWEs

CWE-209

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (2)

https://gitlab.com/gitlab-org/gitlab/-/issues/508557

Source: cve@gitlab.com

Broken Link

https://hackerone.com/reports/2868951

Source: cve@gitlab.com

Permissions Required

Timeline

No history available yet.