Unrated severityNVD Advisory· Published Mar 13, 2025· Updated Mar 14, 2025
Generation of Error Message Containing Sensitive Information in GitLab
CVE-2024-12380
Description
An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could potentially expose sensitive authentication information.
Affected products
3cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*range: 11.5
- (no CPE)range: >=11.5, <17.7.7; >=17.8, <17.8.5; >=17.9, <17.9.2
Patches
Vulnerability mechanics
References
2- hackerone.com/reports/2868951mitretechnical-descriptionexploitpermissions-required
- gitlab.com/gitlab-org/gitlab/-/issues/508557mitreissue-trackingpermissions-required
News mentions
1- GitLab Critical Patch Release: 17.9.2, 17.8.5, 17.7.7GitLab Security Releases · Mar 12, 2025