CVE-2020-26415

Severity Medium
Remote Yes
Type Information disclosure
Description
An issue has been discovered in GitLab affecting all versions starting from 12.2 before 13.6.2, all versions starting from 12.2 before 13.5.5, all versions starting from 12.2 before 13.4.7. Information about the starred projects for private user profiles was exposed via the GraphQL API starting in 13.4 and via the REST API starting in 12.2.
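| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|-------|---------|----------|-------|----------|--------|--------|
| AVG-1333 | gitlab | 13.6.1-1 | 13.6.2-1 | Medium | Fixed | |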
References
https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/#exposure-of-starred-projects-on-private-user-profiles
https://gitlab.com/gitlab-org/gitlab/-/issues/277337