CVE-2020-26415

Summary

Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=12.2 to <13.4.7affected
GitLabGitLab>=13.5 to <13.5.5affected
GitLabGitLab>=13.6 to <13.6.2affected

Weaknesses

  • Information exposure in GitLab

ADP Enrichment

CVE Program Container

Additional References

References