PT-2025-11145 · GitLab · GitLab CE/EE
Published: 2025-03-12 · Updated: 2025-03-15 · CVE-2024-12380
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
GitLab EE/CE versions 11.5 through 17.7.7
GitLab EE/CE versions 17.8 through 17.8.5
GitLab EE/CE versions 17.9 through 17.9.2
Description:
An issue was discovered in GitLab EE/CE that could potentially expose sensitive authentication information due to certain user inputs in repository mirroring settings.
Recommendations:
For versions 11.5 through 17.7.7, update to a version after 17.7.7 to resolve the issue.
For versions 17.8 through 17.8.5, update to a version after 17.8.5 to resolve the issue.
For versions 17.9 through 17.9.2, update to a version after 17.9.2 to resolve the issue.
As a temporary workaround, consider restricting access to the repository mirroring settings to minimize the risk of exploitation.
Weakness Enumeration:
Generation of Error Message Containing Sensitive Information
Affected Products:
GitLab CE/EE