fkie_cve-2024-11129
Vulnerability from fkie_nvd
Published
2025-04-10 13:15
Modified
2025-08-07 18:43
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
An issue has been discovered in GitLab EE affecting all versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. This allows attackers to perform targeted searches with sensitive keywords to get the count of issues containing the searched term."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@gitlab.com | https://gitlab.com/gitlab-org/gitlab/-/issues/503722 | Broken Link | |
| cve@gitlab.com | https://hackerone.com/reports/2717400 | Permissions Required |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "90FFEF88-9D28-4C80-A135-C4FE12395620",
"versionEndExcluding": "17.8.6",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"matchCriteriaId": "2C53F271-B34B-479C-8061-39B81BD181F5",
"versionEndExcluding": "17.8.7",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"matchCriteriaId": "DA3826E3-A00E-4E5A-81A0-28DCB2BE10B5",
"versionEndExcluding": "17.9.6",
"versionStartIncluding": "17.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "2BE64DE3-7E01-4B8C-81D3-A1443D2450A3",
"versionEndExcluding": "17.9.6",
"versionStartIncluding": "17.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"matchCriteriaId": "73742B4C-F768-4F0D-A34D-B551A3BC6177",
"versionEndExcluding": "17.10.4",
"versionStartIncluding": "17.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "F95150D7-C98E-4177-AB2B-8E9B7100DF2D",
"versionEndExcluding": "17.10.4",
"versionStartIncluding": "17.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. This allows attackers to perform targeted searches with sensitive keywords to get the count of issues containing the searched term.\""
},
{
"lang": "es",
"value": " Se ha descubierto un problema en GitLab EE que afecta a todas las versiones desde la 17.1 hasta la 17.8.7, la 17.9 hasta la 17.9.6 y la 17.10 hasta la 17.10.4. Esto permite a los atacantes realizar b\u00fasquedas espec\u00edficas con palabras clave sensibles para obtener el recuento de problemas que contienen el t\u00e9rmino buscado."
}
],
"id": "CVE-2024-11129",
"lastModified": "2025-08-07T18:43:12.120",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0,
"source": "cve@gitlab.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-10T13:15:43.993",
"references": [
{
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/503722"
},
{
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/2717400"
}
],
"sourceIdentifier": "cve@gitlab.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "cve@gitlab.com",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…