CVE-2020-26412

Summary

Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab EE>=13.2, <13.4.7affected
GitLabGitLab EE>=13.5, <13.5.5affected
GitLabGitLab EE>=13.6, <13.6.2affected

Weaknesses

  • Information exposure in GitLab EE

ADP Enrichment

CVE Program Container

Additional References

References