CVE-2024-12380: Generation of Error Message Containing Sensitive Information in GitLab
First published: Thu Mar 13 2025(Updated: )
An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could potentially expose sensitive authentication information.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=11.5<17.7.7>=17.8<17.8.5>=17.9<17.9.2 |
Remedy
Upgrade to version 17.9.2, 17.8.5, 17.7.7
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-12380?
CVE-2024-12380 has been rated as a high severity vulnerability.
How do I fix CVE-2024-12380?
To fix CVE-2024-12380, update GitLab EE/CE to version 17.8.5 or 17.9.2 or later.
What impact does CVE-2024-12380 have on GitLab users?
CVE-2024-12380 may expose sensitive authentication tokens due to improper handling of user inputs in repository mirroring settings.
Which GitLab versions are affected by CVE-2024-12380?
CVE-2024-12380 affects GitLab versions starting from 11.5 up to 17.7.7, and from 17.8 up to 17.8.5, and from 17.9 up to 17.9.2.
Is CVE-2024-12380 a local or remote vulnerability?
CVE-2024-12380 is a remote vulnerability that can be exploited through repository settings in GitLab.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/remedy
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/source
- agent/author
- agent/severity
- agent/tags
- agent/event
- vendor/gitlab
- canonical/gitlab