CVE-2024-11129 MEDIUM

CVE-2024-11129: Generation of Error Message Containing Sensitive Information in GitLab

Vendor GitLab
Product GitLab
Weakness CWE-209 · Error message info leak
Published April 10, 2025
Last update April 10, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01 Description

An issue has been discovered in GitLab EE affecting all versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. This allows attackers to perform targeted searches with sensitive keywords to get the count of issues containing the searched term.

Key dates

02 Disclosure timeline

April 10, 2025 CVE published
April 10, 2025 Record updated

Related vulnerabilities

04 Related CVE