CVE-2020-26415 - log

CVE-2020-26415 edited at 11 Dec 2020 13:47:16
References
https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/#exposure-of-starred-projects-on-private-user-profiles
+ https://gitlab.com/gitlab-org/gitlab/-/issues/277337
CVE-2020-26415 created at 11 Dec 2020 13:32:54
Severity
+ Medium
Remote
+ Remote
Type
+ Information disclosure
Description
+ An issue has been discovered in GitLab affecting all versions starting from 12.2 before 13.6.2, all versions starting from 12.2 before 13.5.5, all versions starting from 12.2 before 13.4.7. Information about the starred projects for private user profiles was exposed via the GraphQL API starting in 13.4 and via the REST API starting in 12.2.
References
+ https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/#exposure-of-starred-projects-on-private-user-profiles
Notes