CVE-2020-26417 | Medium | Yes | Information disclosure | Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions >=13.6 to <13.6.2,...
CVE-2020-26415 | Medium | Yes | Information disclosure | An issue has been discovered in GitLab affecting all versions starting from 12.2 before 13.6.2, all versions starting from 12.2 before 13.5.5, all versions...
CVE-2020-26413 | Medium | Yes | Information disclosure | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL starting in GitLab...
CVE-2020-26411 | Medium | Yes | Denial of service | A potential denial of service vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6...
CVE-2020-26409 | Medium | Yes | Denial of service | A denial of service vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled...
CVE-2020-26408 | Medium | Yes | Information disclosure | A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an...
CVE-2020-26407 | Medium | Yes | Cross-site scripting | A cross-site scripting vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to...
CVE-2020-13357 | Medium | Yes | Access restriction bypass | An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the...