AVG-1347
Package | gitlab |
Status | Not affected |
Severity | Medium |
Type | information disclosure |
Affected | 13.6.1-1 |
Fixed | 13.6.2-1 |
Current | 17.5.2-1 [extra] |
Ticket | None |
Created | Fri Dec 11 13:39:36 2020 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2020-26416 | Medium | Yes | Information disclosure | Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions... |
CVE-2020-26412 | Low | Yes | Information disclosure | Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2. |
References |
---|
https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/ |
Notes |
---|
These security issues only affect GitLab Enterprise Edition; Arch Linux packages the Community Edition. |