VYPR
Unrated severity · NVD Advisory · Published Apr 10, 2025 · Updated Apr 10, 2025

Generation of Error Message Containing Sensitive Information in GitLab

CVE-2024-11129

Description

An issue has been discovered in GitLab EE affecting all versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. This allows attackers to perform targeted searches with sensitive keywords to get the count of issues containing the searched term.

Affected products

3
  • GitLab Inc./GitLabv52 versions
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* + 1 more
    • cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* range: 17.1
    • (no CPE) range: >=17.1, <17.8.7 | >=17.9, <17.9.6 | >=17.10, <17.10.4
  • osv-coords
    Range: >= 17.1.0, < 17.10.4
