CVE-2024-12380
Published: 13 March 2025
Summary
CVE-2024-12380 is a medium-severity Generation of Error Message Containing Sensitive Information (CWE-209) vulnerability in Gitlab Gitlab. Its CVSS base score is 4.4 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552); ranked at the 15.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces validation of user inputs in GitLab repository mirroring settings to prevent exposure of sensitive authentication information.
Prevents error handling in repository mirroring from generating messages that disclose sensitive authentication details.
Filters information outputs from repository mirroring settings to block sensitive authentication data leakage.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability directly enables disclosure of sensitive authentication credentials stored in repository mirroring settings, mapping to Unsecured Credentials (T1552) as the attacker can obtain and compromise these credentials.
NVD Description
An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could potentially expose sensitive…
more
authentication information.
Deeper analysisAI
CVE-2024-12380 is a vulnerability discovered in GitLab Enterprise Edition (EE) and Community Edition (CE), affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, and all versions starting from 17.9 before 17.9.2. The issue arises from certain user inputs in repository mirroring settings that could potentially expose sensitive authentication information. It is classified under CWE-209 and carries a CVSS v3.1 base score of 4.4 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N), indicating a moderate severity with high confidentiality impact but no integrity or availability effects.
Exploitation requires network access, high attack complexity, and high privileges (PR:H), with no user interaction needed. An authenticated attacker possessing elevated privileges could leverage the flawed handling of inputs in repository mirroring settings to disclose sensitive authentication details, potentially compromising credentials used for mirroring operations.
Mitigation is achieved by upgrading to patched GitLab versions: 17.7.7 or later for the 17.7 series, 17.8.5 or later for the 17.8 series, and 17.9.2 or later for the 17.9 series. Further details on the issue and resolution are documented in the GitLab issue tracker at https://gitlab.com/gitlab-org/gitlab/-/issues/508557 and the corresponding HackerOne disclosure report at https://hackerone.com/reports/2868951.
Details
- CWE(s)