AVG-1333

Package: gitlab
Status: Fixed
Severity: Medium
Type: multiple issues
Affected: 13.6.1-1
Fixed: 13.6.2-1
Current: 17.7.0-1 [extra]
Ticket: None
Created: Tue Dec 8 14:15:24 2020
Issue Severity Remote Type Description
CVE-2020-26417 Medium Yes Information disclosure
Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions >=13.6 to <13.6.2,...
CVE-2020-26415 Medium Yes Information disclosure
An issue has been discovered in GitLab affecting all versions starting from 12.2 before 13.6.2, all versions starting from 12.2 before 13.5.5, all versions...
CVE-2020-26413 Medium Yes Information disclosure
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL starting in GitLab...
CVE-2020-26411 Medium Yes Denial of service
A potential denial of service vulnerability was discovered in all versions of GitLab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6...
CVE-2020-26409 Medium Yes Denial of service
A denial of service vulnerability exists in GitLab CE/EE >=10.3, <13.4.7, >=13.5, <13.5.5, >=13.6, <13.6.2 that allows an attacker to trigger uncontrolled...
CVE-2020-26408 Medium Yes Information disclosure
A limited information disclosure vulnerability exists in GitLab CE/EE from >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an...
CVE-2020-26407 Medium Yes Cross-site scripting
A cross-site scripting vulnerability exists in GitLab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to...
CVE-2020-13357 Medium Yes Access restriction bypass
An issue discovered in GitLab CE/EE versions >=13.1 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 allowed an unauthorized user to access the...
References
https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/