CVE-2024-11129: 
GitLab vulnerability analysis and mitigation

A security vulnerability (CVE-2024-11129) has been identified in GitLab Enterprise Edition (EE) affecting versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. The vulnerability was disclosed on April 10, 2025, and is classified under CWE-209 (Generation of Error Message Containing Sensitive Information) (NVD CVE, MITRE CVE).

The vulnerability allows attackers to perform targeted searches with sensitive keywords to get the count of issues containing the searched term. The vulnerability has been assigned a CVSS v3.1 Base Score of 6.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N, indicating network accessibility with high attack complexity, low privileges required, no user interaction needed, and potential for high confidentiality impact (NVD CVE).

The vulnerability primarily affects the confidentiality of information in GitLab EE installations. By exploiting this issue, attackers can potentially gather sensitive information by performing targeted keyword searches and analyzing the count of matching issues, which could lead to information disclosure (NVD CVE).

Users of GitLab EE should upgrade to versions 17.8.7, 17.9.6, or 17.10.4 or later, depending on their current version track. The vulnerability has been fixed in these releases (Debian Tracker).