CVE-2020-26413

Summary

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab CE/EE>=13.4, <13.4.7affected
GitLabGitLab CE/EE>=13.5, <13.5.5affected
GitLabGitLab CE/EE>=13.6, <13.6.2affected

Weaknesses

  • Information exposure in GitLab CE/EE

ADP Enrichment

CVE Program Container

Additional References

References