CVE Vulnerabilities

CVE-2026-12053

Insertion of Sensitive Information into Log File

Published: Jun 25, 2026 | Modified: Jun 26, 2026
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io logo minimus.io logo echo.ai logo

GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to access sensitive information that had already been committed to a project, due to insufficient output filtering in Duo Workflows.

Weakness

The product writes sensitive information to a log file.

Affected Software

NameVendorStart VersionEnd Version
GitlabGitlab19.1.0 (including)19.1.0 (including)

Potential Mitigations

References