CVE-2024-2191

5.3 MEDIUM

📋 TL;DR

This vulnerability in GitLab allows unauthorized users to view merge request titles that were configured to be visible only to project members. It affects GitLab Community Edition (CE) and Enterprise Edition (EE) installations running vulnerable versions, potentially exposing sensitive project information.

💻 Affected Systems

Products:
  • GitLab Community Edition
  • GitLab Enterprise Edition
Versions: 16.9 to 16.11.4, 17.0 to 17.0.2, 17.1 to 17.1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments with merge requests configured with 'project members only' visibility for titles.

📦 What is this software?

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

Learn more about Gitlab →


⚠️ Risk & Real-World Impact

🔴 Worst Case

Sensitive project information, such as feature names, bug fixes, or internal project details, could be exposed to unauthorized users, leading to information disclosure that could aid targeted attacks.

🟠 Likely Case

Unauthorized users can see merge request titles that should be restricted, potentially revealing project roadmap details, security fixes, or internal development activities.

🟢 If Mitigated

With proper access controls and monitoring, the impact is limited to information disclosure of merge request titles only (not the full content), which may still be sensitive depending on the organization.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires access to the GitLab instance but no authentication to view restricted merge request titles.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 16.11.5, 17.0.3, 17.1.1

Vendor Advisory: https://gitlab.com/gitlab-org/gitlab/-/issues/444655

Restart Required: Yes

Instructions:

1. Back up your GitLab instance.
2. Update GitLab to version 16.11.5, 17.0.3, or 17.1.1, depending on your current version.
3. Restart GitLab services.

🔧 Temporary Workarounds

Temporarily restrict merge request creation

all

Disable merge request creation for projects with sensitive information until patched.

Navigate to Project Settings > General > Merge requests and adjust permissions

🧯 If You Can't Patch

  • Review and audit merge request titles for sensitive information and sanitize if necessary.
  • Implement network-level access controls to restrict GitLab access to authorized users only.

🔍 How to Verify

Check if Vulnerable:

Check GitLab version via Admin Area or run: sudo gitlab-rake gitlab:env:info | grep 'Version:'

Check Version:

sudo gitlab-rake gitlab:env:info | grep 'Version:'

Verify Fix Applied:

Verify version is 16.11.5, 17.0.3, or 17.1.1 after update and test that merge request titles with 'project members only' visibility are properly restricted.
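The version check above can be scripted so that the comparison against the affected ranges is not done by eye. The following POSIX shell script is an added example, not part of this advisory or of GitLab's own tooling. It assumes that the `gitlab-rake gitlab:env:info` report contains a line beginning with "Version:" under its GitLab information section (the sample report embedded below is constructed, not captured from a real host), and the function names are the example's own.

```sh
#!/bin/sh
# Added example, not part of the advisory: decide whether a GitLab version
# string falls inside the CVE-2024-2191 affected ranges quoted above
# (16.9 to 16.11.4, 17.0 to 17.0.2, 17.1.0), i.e. anything below the
# patched releases 16.11.5, 17.0.3 and 17.1.1 within those minor series.

# Map "MAJOR.MINOR.PATCH[-suffix]" to one sortable integer so ranges can be
# compared with plain arithmetic. Suffixes such as "-ee" are dropped and
# missing MINOR/PATCH components count as 0.
version_key() {
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    maj=$(printf '%s' "$v" | cut -d. -f1)
    min=$(printf '%s' "$v" | cut -d. -f2 -s)
    pat=$(printf '%s' "$v" | cut -d. -f3 -s)
    [ -n "$maj" ] || maj=0
    [ -n "$min" ] || min=0
    [ -n "$pat" ] || pat=0
    echo $(( maj * 1000000 + min * 1000 + pat ))
}

# Return 0 (shell true) when the version is affected, 1 when it is not.
# Each range is [first affected, first fixed).
gitlab_cve_2024_2191_vulnerable() {
    k=$(version_key "$1")
    for range in "16.9.0 16.11.5" "17.0.0 17.0.3" "17.1.0 17.1.1"; do
        lo=$(version_key "${range% *}")
        hi=$(version_key "${range#* }")
        if [ "$k" -ge "$lo" ] && [ "$k" -lt "$hi" ]; then
            return 0
        fi
    done
    return 1
}

# Pull GitLab's own version out of a gitlab:env:info report read on stdin.
# Assumption: the report has a line beginning "Version:"; lines such as
# "Ruby Version:" are excluded by anchoring the match at line start.
extract_gitlab_version() {
    grep '^Version:' | head -n 1 | sed 's/^Version:[[:space:]]*//'
}

# Constructed sample of an env:info report (not captured from a real host).
SAMPLE_ENV_INFO='System information
Ruby Version:   3.1.4p223
Gem Version:    3.5.9

GitLab information
Version:        16.11.4-ee
Revision:       constructed-sample'

# Stand-alone run: classify the sample and print a one-line verdict.
# On a real host, feed the live report instead of the sample:
#   sudo gitlab-rake gitlab:env:info | extract_gitlab_version
main() {
    ver=$(printf '%s\n' "$SAMPLE_ENV_INFO" | extract_gitlab_version)
    if gitlab_cve_2024_2191_vulnerable "$ver"; then
        echo "GitLab $ver: in an affected range for CVE-2024-2191, upgrade required"
    else
        echo "GitLab $ver: not in an affected range"
    fi
}
main
```

The ranges are written as half-open intervals ending at the first fixed release, so a host on 16.11.5, 17.0.3 or 17.1.1 is reported as not affected while every earlier build in the same minor series is flagged. A version match is only the first half of the verification the advisory asks for; the functional test that 'project members only' titles are actually hidden still has to be done against the instance itself.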

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to merge request endpoints by unauthorized users

Network Indicators:

  • HTTP requests to /merge_requests endpoints from unauthorized IPs

SIEM Query:

source="gitlab" AND (uri_path="/merge_requests" OR uri_path="/api/v4/merge_requests") AND user_id="-1"
