---

CVE-2020-26413 - log back

CVE-2020-26413 edited at 11 Dec 2020 13:45:59
References	https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/#user-email-exposed-via-graphql-endpoint + https://gitlab.com/gitlab-org/gitlab/-/issues/244275 + https://hackerone.com/reports/972355

CVE-2020-26413 created at 11 Dec 2020 13:34:08
Severity	+ Medium
Remote	+ Remote
Type	+ Information disclosure
Description	+ An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL starting in GitLab 13.4 results in user email being unexpectedly visible.
References	+ https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/#user-email-exposed-via-graphql-endpoint
Notes