VYPR
Unrated severityNVD Advisory· Published Mar 13, 2025· Updated Mar 14, 2025

Generation of Error Message Containing Sensitive Information in GitLab

CVE-2024-12380

Description

An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could potentially expose sensitive authentication information.

Affected products

3
  • GitLab Inc./GitLabv52 versions
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*range: 11.5
    • (no CPE)range: >=11.5, <17.7.7; >=17.8, <17.8.5; >=17.9, <17.9.2
  • osv-coords
    Range: >= 11.5.0, < 17.9.2

Patches

Vulnerability mechanics

References

2

News mentions

1