CVE-2020-26415

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions GitLab versions 12.2 through 13.4.7 GitLab versions 13.5 through 13.5.5 GitLab versions 13.6 through 13.6.2

Description Information about the starred projects for private user profiles was exposed via the GraphQL API starting from version 12.2. This exposure occurred through the REST API.

Recommendations For versions 12.2 through 13.4.7, update to version 13.4.7 or later. For versions 13.5 through 13.5.5, update to version 13.5.5 or later. For versions 13.6 through 13.6.2, update to version 13.6.2 or later.

Fix

Missing Authorization

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862CWE-200

Related Identifiers

BIT-GITLAB-2020-26415

CVE-2020-26415

Affected Products

Gitlab

CVE-2020-26415

Weakness Enumeration

Related Identifiers

Affected Products

References · 32