---

CVE-2020-26416 - log back

CVE-2020-26416 edited at 11 Dec 2020 13:51:21
References	https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/#search-terms-logged-in-search-parameter-in-rails-logs + https://gitlab.com/gitlab-org/gitlab/-/issues/244495

CVE-2020-26416 created at 11 Dec 2020 13:29:06
Severity	+ Medium
Remote	+ Remote
Type	+ Information disclosure
Description	+ Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.
References	+ https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/#search-terms-logged-in-search-parameter-in-rails-logs
Notes