AVG-1347

Package gitlab
Status Not affected
Severity Medium
Type information disclosure
Affected 13.6.1-1
Fixed 13.6.2-1
Current 17.7.0-1 [extra]
Ticket None
Created Fri Dec 11 13:39:36 2020
Issue Severity Remote Type Description
CVE-2020-26416 Medium Yes Information disclosure
Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions...
CVE-2020-26412 Low Yes Information disclosure
Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2.
References
https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/
Notes
These security issues only affect GitLab Enterprise Edition; Arch Linux packages the Community Edition.