7.5

CVE-2024-11129

EPSS 0.05%
Veröffentlicht 10.04.2025 13:15:43
Zuletzt bearbeitet 07.08.2025 18:43:12
Quelle cve@gitlab.com
CVE-Watchlists
Login
Unerledigt
Login

Generation of Error Message Containing Sensitive Information in GitLab

An issue has been discovered in GitLab EE affecting all versions from 17.1 before 17.8.7, 17.9 before  17.9.6, and 17.10 before 17.10.4. This allows attackers to perform targeted searches with sensitive keywords to get the count of issues containing the searched term."

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 6 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gitlab ≫ GitLab SwEditionenterprise Version >= 17.1.0 < 17.8.6

Gitlab ≫ GitLab SwEditioncommunity Version >= 17.1.0 < 17.8.7

Gitlab ≫ GitLab SwEditioncommunity Version >= 17.9.0 < 17.9.6

Gitlab ≫ GitLab SwEditionenterprise Version >= 17.9.0 < 17.9.6

Gitlab ≫ GitLab SwEditioncommunity Version >= 17.10.0 < 17.10.4

Gitlab ≫ GitLab SwEditionenterprise Version >= 17.10.0 < 17.10.4

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.163

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cve@gitlab.com	6.3	1.8	4	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://gitlab.com/gitlab-org/gitlab/-/issues/503722

Broken Link

https://hackerone.com/reports/2717400

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2024-11129

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-11129

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-11129

EUVD