CVE-2020-26416

Summary

Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab EE>=8.4 to <13.4.7affected
GitLabGitLab EE>=13.5 to <13.5.5affected
GitLabGitLab EE>=13.6 to <13.6.2affected

Weaknesses

  • Information exposure in GitLab EE

ADP Enrichment

CVE Program Container

Additional References

References