PT-2025-15979 · Gitlab · Gitlab Ce/Ee

Published

2025-04-09

Updated

2025-08-07

CVE-2024-11129

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.1 through 17.8.6 GitLab EE versions 17.9 through 17.9.5 GitLab EE versions 17.10 through 17.10.3

Description: An issue has been discovered in GitLab EE that allows attackers to perform targeted searches with sensitive keywords to get the count of issues containing the searched term.

Recommendations: For versions 17.1 through 17.8.6, update to version 17.8.7 or later. For versions 17.9 through 17.9.5, update to version 17.9.6 or later. For versions 17.10 through 17.10.3, update to version 17.10.4 or later.

Exploit

Fix

Generation of Error Message Containing Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-209

Related Identifiers

BDU:2025-04559

BIT-GITLAB-2024-11129

CVE-2024-11129

Affected Products

Gitlab Ce/Ee

PT-2025-15979 · Gitlab · Gitlab Ce/Ee

CVE-2024-11129

Weakness Enumeration

Related Identifiers

Affected Products

References · 12