CVE-2024-3303: An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior

mediumvulnerability

security

Source: NVD/CVE DatabaseFebruary 13, 2025CVE-2024-3303

Summary

A vulnerability (CVE-2024-3303) was found in GitLab EE (a version control platform for managing code) that allows attackers to steal the contents of private issues through prompt injection (tricking the AI by hiding instructions in its input). The flaw affects multiple versions: 16.0 through 17.6.4, 17.7 through 17.7.3, and 17.8 through 17.8.1.

Vulnerability Details

CVSS Score

6.4(medium)

EPSS (30-day exploit probability)

EPSS: 0.4%

Classification

Attack Type

Prompt Injection

Attack SophisticationModerate

Impact (CIA+S)

confidentialityintegrity

Affected Vendors

Related Issues

high

AI Kill Chain in Action: Devin AI Exposes Ports to the Internet with Prompt Injection

Similar attackEmbrace The Red

medium

CVE-2024-45989: Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Act

First tracked: February 15, 2026 at 08:52 PM

Classified by LLM (prompt v3) · confidence: 75%