CVE-2024-11129: Generation of Error Message Containing Sensitive Information in GitLab

6.3 CVSS

Description

An issue has been discovered in GitLab EE affecting all versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. This allows attackers to perform targeted searches with sensitive keywords to get the count of issues containing the searched term.

Classification

CVE ID: CVE-2024-11129

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.3

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Problem Types

CWE-209: Generation of Error Message Containing Sensitive Information

Affected Products

Vendor: GitLab

Product: GitLab

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 0.76% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-20 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-11129
https://gitlab.com/gitlab-org/gitlab/-/issues/503722
https://hackerone.com/reports/2717400

Timeline