CVE-2024-12380

An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could potentially expose sensitive authentication information.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.7 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/508557	Broken Link
https://hackerone.com/reports/2868951	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

History

06 Aug 2025, 18:33

Type	Values Removed	Values Added
Summary		(es) Se detectó un problema en GitLab EE/CE que afectaba a todas las versiones (desde la 11.5 hasta la 17.7.7), a todas las versiones (desde la 17.8 hasta la 17.8.5) y a todas las versiones (desde la 17.9 hasta la 17.9.2). Ciertas entradas de usuario en la configuración de duplicación del repositorio podrían exponer información confidencial de autenticación.
CPE		cpe:2.3:a:gitlab:gitlab:::::community:::* cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/508557 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/508557 - Broken Link
References	~~() https://hackerone.com/reports/2868951 -~~	() https://hackerone.com/reports/2868951 - Permissions Required
First Time		Gitlab gitlab Gitlab

13 Mar 2025, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-13 06:15

Updated : 2025-08-06 18:33

NVD link : CVE-2024-12380

Mitre link : CVE-2024-12380

CVE.ORG link : CVE-2024-12380

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-209

Generation of Error Message Containing Sensitive Information

{"id": "CVE-2024-12380", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-13T06:15:35.220", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/508557", "tags": ["Broken Link"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/2868951", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could potentially expose sensitive authentication information."}, {"lang": "es", "value": "Se detect\u00f3 un problema en GitLab EE/CE que afectaba a todas las versiones (desde la 11.5 hasta la 17.7.7), a todas las versiones (desde la 17.8 hasta la 17.8.5) y a todas las versiones (desde la 17.9 hasta la 17.9.2). Ciertas entradas de usuario en la configuraci\u00f3n de duplicaci\u00f3n del repositorio podr\u00edan exponer informaci\u00f3n confidencial de autenticaci\u00f3n."}], "lastModified": "2025-08-06T18:33:59.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "B6900812-E6F7-47EC-8144-F7B9048AC020", "versionEndExcluding": "17.7.7", "versionStartIncluding": "11.5.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "E98F669E-4F7D-4C2C-A8D4-3733746B6C92", "versionEndExcluding": "17.7.7", "versionStartIncluding": "11.5.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "51278A1A-6BB1-461B-B4D0-38FD58680C3F", "versionEndExcluding": "17.8.5", "versionStartIncluding": "17.8.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "9793DFF7-AA7F-4727-91EE-A05FB4B63D5A", "versionEndExcluding": "17.8.5", "versionStartIncluding": "17.8.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "257CE2B6-A495-4F46-990B-BF5D283530DA", "versionEndExcluding": "17.9.2", "versionStartIncluding": "17.9.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "6373756D-2959-4F3C-AFBA-33BB55570428", "versionEndExcluding": "17.9.2", "versionStartIncluding": "17.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}