diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb
index bd0c2cd661e09f0be36e7be7b06ae06eee149fb1..6b9e4267281a78bbd85aebeb258b4d2dbb2d9dd6 100644
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -407,7 +407,10 @@ module ProjectsHelper
   def sanitize_repo_path(project, message)
     return '' unless message.present?
 
-    message.strip.gsub(project.repository_storage_path.chomp('/'), "[REPOS PATH]")
+    exports_path = File.join(Settings.shared['path'], 'tmp/project_exports')
+    filtered_message = message.strip.gsub(exports_path, "[REPO EXPORT PATH]")
+
+    filtered_message.gsub(project.repository_storage_path.chomp('/'), "[REPOS PATH]")
   end
 
   def project_feature_options
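Review bot: The masking in `sanitize_repo_path` is a literal `gsub` on the configured value, so the export directory is hidden only when the error text spells the path exactly as `File.join(Settings.shared['path'], 'tmp/project_exports')` produces it. A message carrying a symlink-resolved or otherwise normalised form of the directory would presumably pass through unmasked and still disclose the path. The `'tmp/project_exports'` suffix is also hard-coded in the helper; if the import/export code defines that directory elsewhere, the two can drift apart, so reading it from one shared place would be safer. At minimum I would add a comment above the first substitution, e.g. `# Literal match only: the message must contain the configured export path verbatim to be masked`.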
diff --git a/changelogs/unreleased/file-import-export-path-disclosure.yml b/changelogs/unreleased/file-import-export-path-disclosure.yml
new file mode 100644
index 0000000000000000000000000000000000000000..1a297d07187b6532385708b7e8076e05d2d317ed
--- /dev/null
+++ b/changelogs/unreleased/file-import-export-path-disclosure.yml
@@ -0,0 +1,5 @@
+---
+title: Fix path disclosure in project import/export
+merge_request: 
+author:
+
diff --git a/spec/helpers/projects_helper_spec.rb b/spec/helpers/projects_helper_spec.rb
index fc6ad6419ac0aa04a3b63e620f30b780d11e08b3..44312ada4385185d404df9a4c3cba86dc77fdd4f 100644
--- a/spec/helpers/projects_helper_spec.rb
+++ b/spec/helpers/projects_helper_spec.rb
@@ -167,6 +167,7 @@ describe ProjectsHelper do
 
     before do
       allow(project).to receive(:repository_storage_path).and_return('/base/repo/path')
+      allow(Settings.shared).to receive(:[]).with('path').and_return('/base/repo/export/path')
     end
 
     it 'removes the repo path' do
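Review bot: The stub added in the `before` block constrains `Settings.shared[]` to the single argument `'path'`, so any other key read from `Settings.shared` while these examples run will fail with an unexpected-arguments error instead of returning the real setting. Putting `allow(Settings.shared).to receive(:[]).and_call_original` on the line before it keeps other lookups working while still overriding `'path'`. The enclosing `describe` block starts outside this hunk.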
@@ -175,6 +176,13 @@ describe ProjectsHelper do
 
       expect(sanitize_repo_path(project, import_error)).to eq('Could not clone [REPOS PATH]/namespace/test.git')
     end
+
+    it 'removes the temporary repo path used for uploads/exports' do
+      repo = '/base/repo/export/path/tmp/project_exports/uploads/test.tar.gz'
+      import_error = "Unable to decompress #{repo}\n"
+
+      expect(sanitize_repo_path(project, import_error)).to eq('Unable to decompress [REPO EXPORT PATH]/uploads/test.tar.gz')
+    end
   end
 
   describe '#last_push_event' do
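Review bot: The new example only covers a message that contains the export path alone, and the stubbed values (`/base/repo/path` and `/base/repo/export/path`) do not overlap, so the order of the two substitutions in the helper is never exercised. I would add an example where the stubbed storage path is a prefix of the shared path and the message contains both an export file and a repository path. It should assert that the export file comes out as `[REPO EXPORT PATH]/...` and the repository as `[REPOS PATH]/...`. That pins the behaviour that matters for the disclosure fix if someone later reorders or merges the two `gsub` calls.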