PT-2025-1718 · GitLab · GitLab CE/EE

Greg Myers · Published 2025-01-24 · Updated 2025-08-05 · CVE-2024-11931

CVSS v3.1: 6.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

GitLab CE/EE versions 17.0 through 17.6.3

GitLab CE/EE versions 17.7 through 17.7.2

GitLab CE/EE versions 17.8 through 17.8.0

Description

An issue has been discovered in GitLab CE/EE that affects users with a developer role, allowing them to potentially exfiltrate protected CI variables via CI lint under certain conditions. This could enable attackers to access sensitive information.

Recommendations

For GitLab CE/EE versions 17.0 through 17.6.3, update to version 17.6.4 or later to resolve the issue.

For GitLab CE/EE versions 17.7 through 17.7.2, update to version 17.7.3 or later to resolve the issue.

For GitLab CE/EE versions 17.8 through 17.8.0, update to version 17.8.1 or later to resolve the issue.

As a temporary workaround, consider restricting access to CI lint for users with developer roles until the issue is resolved.

Related Identifiers

BIT-GITLAB-2024-11931
CVE-2024-11931

Affected Products

GitLab CE/EE