What the vulnerability does

01Description

An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration

Key dates

02Disclosure timeline

January 28, 2020 CVE published
August 5, 2024 Record updated