CVE-2020-26413

Source
Severity Medium
Remote Yes
Type Information disclosure
Description
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL starting in GitLab 13.4 results in user email being unexpectedly visible.
Group Package Affected Fixed Severity Status Ticket
AVG-1333 gitlab 13.6.1-1 13.6.2-1 Medium Fixed
References
https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/#user-email-exposed-via-graphql-endpoint
https://gitlab.com/gitlab-org/gitlab/-/issues/244275
https://hackerone.com/reports/972355