What the vulnerability does

01Description

An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests.

Key dates

02Disclosure timeline

January 28, 2020 CVE published
August 5, 2024 Record updated