
CVE-2024-11129: GitLab Information Disclosure Flaw

CVE-2024-11129 is an information disclosure vulnerability in GitLab EE that allows attackers to perform targeted searches with sensitive keywords to obtain issue counts. This article covers technical details, affected versions, impact, and mitigation strategies.

CVE-2024-11129 Overview

CVE-2024-11129 is an information disclosure vulnerability affecting GitLab Enterprise Edition (EE). The flaw allows unauthenticated attackers to perform targeted searches with sensitive keywords and retrieve the count of issues containing those terms. This exposes metadata about private project content without requiring authentication or user interaction. The vulnerability is tracked under CWE-209: Generation of Error Message Containing Sensitive Information.

Affected versions include GitLab EE 17.1 through 17.8.6, 17.9 through 17.9.5, and 17.10 through 17.10.3. GitLab has released patched versions to address the issue.

Critical Impact

Unauthenticated attackers can enumerate sensitive keywords across GitLab issues by observing search result counts, exposing confidential project information.

Affected Products

  • GitLab EE versions 17.1 before 17.8.7
  • GitLab EE versions 17.9 before 17.9.6
  • GitLab EE versions 17.10 before 17.10.4

Discovery Timeline

  • 2025-04-10 - CVE-2024-11129 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2024-11129

Vulnerability Analysis

The vulnerability stems from improper handling of search response metadata in GitLab EE. When users perform issue searches, the application returns count information that does not properly enforce authorization boundaries. Attackers can submit search queries containing sensitive keywords and observe the returned issue count to infer the presence of confidential data.

This class of flaw falls under information exposure through response discrepancies. While the actual issue content is not directly disclosed, the count itself functions as an oracle. Repeated targeted queries enable attackers to confirm whether specific terms, project names, credentials, or internal identifiers exist within otherwise private issues.

The attack requires no privileges and no user interaction, as the search interface is accessible over the network. The confidentiality impact is rated high while integrity and availability remain unaffected.

Root Cause

The root cause is insufficient authorization enforcement on aggregate search metadata. The search subsystem returns count values computed across issues the requesting user should not be able to query. The application correctly hides issue content but leaks existence information through numerical responses.
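To make the root cause concrete, the following is an added toy model written for this article; it is not GitLab's code and does not reproduce GitLab's search implementation. The names `Project`, `Issue`, `count_issues_vulnerable` and `search_issues_fixed` are hypothetical, and the sample projects and issues are constructed. It contrasts an aggregate count computed before the visibility check (the flawed shape) with one derived from the already-authorized result set (the fixed shape).

```python
# Added toy model of the root cause described above (not GitLab's code):
# a count computed before, rather than after, the visibility check leaks
# the existence of terms in issues the caller may not read.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Issue:
    project: str
    text: str


@dataclass
class Project:
    name: str
    visibility: str  # "public" or "private"
    members: frozenset = field(default_factory=frozenset)

    def readable_by(self, user):
        # Anonymous callers (user is None) may only read public projects;
        # private projects are readable by their members only.
        if self.visibility == "public":
            return True
        return user is not None and user in self.members


# Constructed sample data: one public and one private project.
PROJECTS = {
    "website": Project("website", "public"),
    "payments": Project("payments", "private", frozenset({"alice"})),
}
ISSUES = [
    Issue("website", "Fix typo on landing page"),
    Issue("payments", "Rotate AWS_SECRET_ACCESS_KEY leaked in CI logs"),
    Issue("payments", "Customer ACME-4471 reports failed settlement"),
]


def matches(issue, term):
    return term.lower() in issue.text.lower()


def count_issues_vulnerable(term, user=None):
    """Flawed shape: count over every matching issue and rely on the
    content layer to hide bodies. The number itself becomes an oracle,
    so an anonymous caller learns that a private term exists."""
    return sum(1 for i in ISSUES if matches(i, term))


def search_issues_fixed(term, user=None):
    """Fixed shape: apply the visibility filter first, so the count and
    the result list are both derived from the same authorized set."""
    visible = [i for i in ISSUES if PROJECTS[i.project].readable_by(user)]
    hits = [i for i in visible if matches(i, term)]
    return {"count": len(hits), "issues": hits}


if __name__ == "__main__":
    for term in ("ACME-4471", "typo"):
        print(term,
              "vulnerable(anon)=", count_issues_vulnerable(term),
              "fixed(anon)=", search_issues_fixed(term)["count"],
              "fixed(alice)=", search_issues_fixed(term, user="alice")["count"])
```

The design point is that every aggregate exposed to the caller (counts, facets, pagination totals) must be computed from the authorized subset, not from the full index with authorization applied only when rendering individual items.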

Attack Vector

An attacker interacts with the GitLab search API or web interface and issues sequential queries containing candidate keywords. By comparing returned counts against baseline values, the attacker deduces which terms appear in private issues. The vulnerability is exploitable remotely over HTTPS and requires no authentication. Refer to the GitLab Issue Report and HackerOne Report #2717400 for technical context.

Detection Methods for CVE-2024-11129

Indicators of Compromise

  • High volumes of search queries originating from a single user or IP against GitLab instances
  • Sequential search requests containing variations of sensitive keywords such as credentials, internal project codenames, or customer identifiers
  • Search activity from unauthenticated sessions or newly created accounts targeting issue tracking endpoints

Detection Strategies

  • Review GitLab production logs for repeated GET /search and GET /api/v4/search requests with unusual query diversity
  • Correlate search request patterns with response sizes and timing to identify enumeration behavior
  • Alert on bursts of search queries that exceed normal user baselines

Monitoring Recommendations

  • Enable GitLab audit event logging for search operations and forward to a centralized SIEM
  • Track per-user and per-IP search query rates with thresholds tuned to expected developer activity
  • Monitor authentication logs alongside search activity to identify anonymous probing
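As an added example covering both the detection strategies and the monitoring recommendations above, the following Python script is written for this article and is not a GitLab tool. It reads lines shaped like GitLab's `production_json.log` (the field names `method`, `path`, `time`, `params`, `remote_ip` and `username` follow that log; the sample values are constructed), keeps only `GET /search` and `GET /api/v4/search` requests, and scores each IP/user pair on query diversity and on the peak number of requests inside a sliding window. The thresholds and the function names `parse_search_events` and `analyze` are assumptions to be tuned to your own baselines.

```python
import json
from collections import defaultdict
from datetime import datetime

SEARCH_PATHS = {"/search", "/api/v4/search"}

# Constructed sample lines in the shape of GitLab's production_json.log.
# 203.0.113.7 is an anonymous client cycling through sensitive keywords;
# "bob" is a developer repeating one ordinary query 15 minutes apart.
SAMPLE_LOG = """\
{"method":"GET","path":"/api/v4/search","status":200,"time":"2025-04-10T09:00:00.000Z","params":[{"key":"scope","value":"issues"},{"key":"search","value":"password"}],"remote_ip":"203.0.113.7","username":null}
{"method":"GET","path":"/api/v4/search","status":200,"time":"2025-04-10T09:00:03.000Z","params":[{"key":"scope","value":"issues"},{"key":"search","value":"AWS_SECRET_ACCESS_KEY"}],"remote_ip":"203.0.113.7","username":null}
{"method":"GET","path":"/api/v4/search","status":200,"time":"2025-04-10T09:00:06.000Z","params":[{"key":"scope","value":"issues"},{"key":"search","value":"project-falcon"}],"remote_ip":"203.0.113.7","username":null}
{"method":"GET","path":"/api/v4/search","status":200,"time":"2025-04-10T09:00:09.000Z","params":[{"key":"scope","value":"issues"},{"key":"search","value":"ACME-4471"}],"remote_ip":"203.0.113.7","username":null}
{"method":"GET","path":"/search","status":200,"time":"2025-04-10T09:00:12.000Z","params":[{"key":"search","value":"api_token"},{"key":"scope","value":"issues"}],"remote_ip":"203.0.113.7","username":null}
{"method":"GET","path":"/search","status":200,"time":"2025-04-10T09:00:15.000Z","params":[{"key":"search","value":"db_password"},{"key":"scope","value":"issues"}],"remote_ip":"203.0.113.7","username":null}
{"method":"GET","path":"/search","status":200,"time":"2025-04-10T09:05:00.000Z","params":[{"key":"search","value":"flaky test"},{"key":"scope","value":"issues"}],"remote_ip":"198.51.100.4","username":"bob"}
{"method":"GET","path":"/api/v4/projects","status":200,"time":"2025-04-10T09:05:02.000Z","params":[],"remote_ip":"198.51.100.4","username":"bob"}
{"method":"GET","path":"/search","status":200,"time":"2025-04-10T09:20:00.000Z","params":[{"key":"search","value":"flaky test"},{"key":"scope","value":"issues"}],"remote_ip":"198.51.100.4","username":"bob"}
"""


def parse_search_events(log_text):
    """Extract search requests from JSON log lines; skip anything else."""
    events = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # a malformed line should not abort the whole scan
        if rec.get("method") != "GET" or rec.get("path") not in SEARCH_PATHS:
            continue
        params = {p.get("key"): p.get("value") for p in rec.get("params", [])}
        term = params.get("search")
        if term is None:
            continue
        ts = datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%S.%fZ")
        events.append({
            "ts": ts,
            "ip": rec.get("remote_ip"),
            "user": rec.get("username") or "anonymous",
            "term": term,
        })
    return events


def analyze(events, window_seconds=300, max_distinct_terms=5,
            max_requests_in_window=5):
    """Group by (ip, user) and flag enumeration-like behaviour.
    Thresholds are placeholders; tune them to your own developer baseline."""
    by_actor = defaultdict(list)
    for e in events:
        by_actor[(e["ip"], e["user"])].append(e)
    report = {}
    for actor, evs in by_actor.items():
        evs.sort(key=lambda e: e["ts"])
        times = [e["ts"] for e in evs]
        # Sliding window: largest number of requests inside any window.
        peak, start = 0, 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        distinct = {e["term"] for e in evs}
        flags = []
        if len(distinct) >= max_distinct_terms:
            flags.append("query_diversity")  # many different keywords
        if peak >= max_requests_in_window:
            flags.append("burst")            # rate above baseline
        if flags and actor[1] == "anonymous":
            flags.append("unauthenticated")  # probing without a session
        report[actor] = {"requests": len(evs), "distinct_terms": len(distinct),
                         "peak_in_window": peak, "flags": flags}
    return report


if __name__ == "__main__":
    for actor, stats in analyze(parse_search_events(SAMPLE_LOG)).items():
        print(actor, stats)
```

In production you would feed the script the real log file (or run the same logic as a SIEM rule) and raise the thresholds until ordinary developer search activity no longer trips them; the `unauthenticated` flag is the one that matters most for this CVE, since the flaw is reachable without a session.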

How to Mitigate CVE-2024-11129

Immediate Actions Required

  • Upgrade GitLab EE to version 17.8.7, 17.9.6, or 17.10.4 or later depending on your installed branch
  • Audit recent search logs for enumeration activity targeting sensitive keywords
  • Restrict anonymous access to internal GitLab instances where business requirements allow

Patch Information

GitLab has released fixed versions 17.8.7, 17.9.6, and 17.10.4. Administrators should apply the appropriate patch matching their current release branch. Consult the GitLab Issue Report for upgrade guidance and the HackerOne Report #2717400 for disclosure details.

Workarounds

  • Limit GitLab instance accessibility to authenticated users via network access controls or VPN
  • Apply rate limiting on search endpoints through a reverse proxy or web application firewall
  • Disable anonymous search functionality where supported by configuration

```bash
# Example: GitLab Omnibus upgrade on Debian/Ubuntu
sudo apt-get update
sudo apt-get install gitlab-ee=17.10.4-ee.0
sudo gitlab-ctl reconfigure
sudo gitlab-ctl restart
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
