Main Vulnerability Database Vulnerabilities #VU48973

#VU48973 Information disclosure in GitLab Enterprise Edition - CVE-2020-26416

Published: December 10, 2020 / Updated: December 14, 2020

Vulnerability identifier: #VU48973

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-26416

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
GitLab Enterprise Edition

Software vendor:
GitLab, Inc

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in Advanced Search component of GitLab EE via the search terms of Rails logs. A remote privileged user obtain sensitive information.

Remediation

Install updates from vendor's website.

External links

https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26416.json
https://gitlab.com/gitlab-org/gitlab/-/issues/244495