CVE-2024-12380 MEDIUM

CVE-2024-12380: Generation of Error Message Containing Sensitive Information in GitLab

Vendor Gitlab
Product GitLab
Weakness CWE-209 · Error message info leak
Published March 13, 2025
Last update March 14, 2025

CVSS base score

4.4/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could potentially expose sensitive authentication information.

Key dates

02Disclosure timeline

March 13, 2025 CVE published
March 14, 2025 Record updated

Related vulnerabilities

04Related CVE