CVE-2024-11129

6.3 MEDIUM

📋 TL;DR

This vulnerability in GitLab EE allows attackers to perform targeted searches with sensitive keywords to obtain counts of issues containing those terms. This information disclosure affects all GitLab EE versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4.

💻 Affected Systems

Products:
  • GitLab EE
Versions: 17.1 to 17.8.6, 17.9 to 17.9.5, 17.10 to 17.10.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects GitLab EE (Enterprise Edition), not CE (Community Edition). Requires authenticated access to perform searches.

📦 What is this software?

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could enumerate sensitive issue counts to infer confidential project information, business activities, or security incidents, potentially leading to targeted attacks or intelligence gathering.

🟠

Likely Case

Attackers discover counts of issues containing sensitive terms, allowing them to infer project status, security incidents, or business activities without accessing actual issue content.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to statistical information disclosure rather than actual data exposure.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access and involves using search functionality with sensitive keywords.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 17.8.7, 17.9.6, 17.10.4

Vendor Advisory: https://gitlab.com/gitlab-org/gitlab/-/issues/503722

Restart Required: Yes

Instructions:

1. Back up your GitLab instance.
2. Update to GitLab EE 17.8.7, 17.9.6, or 17.10.4, depending on your current version.
3. Restart GitLab services.
4. Verify the update was successful.

🔧 Temporary Workarounds

Restrict Search Permissions

all

Temporarily restrict search functionality for non-admin users

# Configure via GitLab admin settings or application.yml

🧯 If You Can't Patch

  • Implement strict access controls and monitor search activity logs
  • Disable issue search functionality for non-essential users

🔍 How to Verify

Check if Vulnerable:

Check GitLab version via admin panel or command: sudo gitlab-rake gitlab:env:info

Check Version:

sudo gitlab-rake gitlab:env:info | grep 'GitLab version'

Verify Fix Applied:

Verify version is 17.8.7, 17.9.6, or 17.10.4 and test that sensitive keyword searches no longer return issue counts
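The version check above, as an added example that is not part of the advisory: a Python helper that parses `gitlab-rake gitlab:env:info` output and applies the affected ranges stated on this page, treating CE builds as out of scope. The sample output is constructed, and the assumption that the version appears on a line labelled `Version` or `GitLab version` with an optional `-ce`/`-ee` suffix is mine.

```python
import re
from typing import Optional, Tuple

# Affected ranges stated on this page, one per backport branch: [first_affected, first_fixed).
AFFECTED_RANGES = (
    ((17, 1, 0), (17, 8, 7)),    # 17.1 .. 17.8.6   fixed in 17.8.7
    ((17, 9, 0), (17, 9, 6)),    # 17.9 .. 17.9.5   fixed in 17.9.6
    ((17, 10, 0), (17, 10, 4)),  # 17.10 .. 17.10.3 fixed in 17.10.4
)

# e.g. "17.9.3-ee"; the -ce/-ee edition suffix is optional so bare versions still parse.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-(ce|ee))?", re.IGNORECASE)

def parse_gitlab_version(env_info: str) -> Optional[Tuple[int, int, int, Optional[str]]]:
    """Pull (major, minor, patch, edition) out of `gitlab-rake gitlab:env:info` output.
    Assumption: the version sits on a line labelled 'Version' or 'GitLab version'; the
    Ruby, Gem and Redis version lines in the same output are skipped by their label."""
    for line in env_info.splitlines():
        label, _, value = line.partition(":")
        if label.strip().lower() not in ("version", "gitlab version"):
            continue
        m = VERSION_RE.search(value)
        if m:
            edition = m.group(4).lower() if m.group(4) else None
            return int(m.group(1)), int(m.group(2)), int(m.group(3)), edition
    return None

def is_affected(version: Tuple[int, int, int, Optional[str]]) -> Tuple[bool, str]:
    """Return (affected, reason) for CVE-2024-11129. CE is out of scope per the
    advisory; a version with no edition suffix is treated conservatively as EE."""
    major, minor, patch, edition = version
    dotted = f"{major}.{minor}.{patch}"
    if edition == "ce":
        return False, f"{dotted}-ce: Community Edition is not affected"
    for low, fixed in AFFECTED_RANGES:
        if low <= (major, minor, patch) < fixed:
            note = "" if edition == "ee" else " (edition not reported; assumed EE)"
            return True, f"{dotted} is affected; upgrade to {'.'.join(map(str, fixed))}{note}"
    return False, f"{dotted} is outside the affected ranges"

# Constructed sample of the relevant lines of `gitlab-rake gitlab:env:info` output
# (not captured from a real instance; the revision is a placeholder).
SAMPLE_ENV_INFO = """System information
Ruby Version:   3.2.5p208
Redis Version:  7.0.15

GitLab information
Version:        17.9.3-ee
Revision:       <placeholder>
"""
```

Feed it the real output with `parse_gitlab_version(subprocess.check_output(["sudo", "gitlab-rake", "gitlab:env:info"], text=True))`; a `None` result means the label assumption did not hold for your build and the line should be inspected by hand.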

📡 Detection & Monitoring

Log Indicators:

  • Unusual search patterns with sensitive keywords
  • High frequency of search requests from single users

Network Indicators:

  • Increased API calls to search endpoints

SIEM Query:

source="gitlab" AND ("GET /api/v4/search" OR "POST /api/v4/search") AND ("password" OR "secret" OR "token" OR "key")
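The two log indicators above, as an added example that is not part of the advisory: Python that applies the per-user request-frequency and sensitive-keyword checks to structured API log lines. The JSON shape (`path`, `username`, `params` as a list of key/value pairs), the sample lines and the threshold are constructed assumptions, not GitLab's documented log format.

```python
import json
from collections import Counter, defaultdict

# Keyword list taken from the page's SIEM query; extend it for your environment.
SENSITIVE_TERMS = ("password", "secret", "token", "key")
SEARCH_PATHS = ("/api/v4/search", "/search")
RATE_THRESHOLD = 5  # search requests per user in the reviewed window (tuning assumption)

def search_term(entry):
    """Return the 'search' parameter value; assumed params shape is a list of key/value dicts."""
    for param in entry.get("params", []):
        if param.get("key") == "search":
            return str(param.get("value", ""))
    return None

def analyze_search_logs(lines, threshold=RATE_THRESHOLD):
    """Apply both indicators to JSON log lines: users at or above the request threshold,
    and per user the sensitive search terms used. Malformed and non-search lines are skipped."""
    per_user = Counter()
    sensitive = defaultdict(list)
    for raw in lines:
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue
        path = entry.get("path", "")
        if not any(path.startswith(p) for p in SEARCH_PATHS):
            continue
        user = entry.get("username") or entry.get("remote_ip", "unknown")
        per_user[user] += 1
        term = search_term(entry)
        if term and any(t in term.lower() for t in SENSITIVE_TERMS):
            sensitive[user].append(term)
    return {
        "high_volume": {u: n for u, n in per_user.items() if n >= threshold},
        "sensitive_terms": dict(sensitive),
    }

# Constructed sample lines (not real GitLab logs): one user searching repeatedly, one
# ordinary search, one non-search request and one garbled line.
SAMPLE_LOGS = [
    json.dumps({"path": "/api/v4/search", "username": "alice",
                "params": [{"key": "scope", "value": "issues"}, {"key": "search", "value": term}]})
    for term in ("password", "secret", "api token", "private key", "credentials")
] + [
    json.dumps({"path": "/api/v4/search", "username": "bob",
                "params": [{"key": "scope", "value": "issues"}, {"key": "search", "value": "flaky test"}]}),
    json.dumps({"path": "/api/v4/projects", "username": "alice", "params": []}),
    "not json at all",
]
```

Keyword matching is deliberately a plain substring test, so a term like `key` also flags `monkey`; tune the list and threshold against a baseline of normal search volume before alerting on it.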
