Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged
The product writes sensitive information to a log file.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Gitlab | Gitlab | * | 14.7.7 (excluding) |
Gitlab | Gitlab | 14.8.0 (including) | 14.8.5 (excluding) |
Gitlab | Gitlab | 14.9.0 (including) | 14.9.2 (excluding) |
Gitlab | Ubuntu | esm-apps/xenial | * |
Gitlab | Ubuntu | upstream | * |