---

CVE-2020-26417 - log back

CVE-2020-26417 edited at 11 Dec 2020 13:48:04
References	https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/#group-and-project-membership-potentially-exposed-via-graphql + https://gitlab.com/gitlab-org/gitlab/-/issues/282539

CVE-2020-26417 created at 11 Dec 2020 13:27:22
Severity	+ Medium
Remote	+ Remote
Type	+ Information disclosure
Description	+ Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions >=13.6 to <13.6.2, >=13.5 to <13.5.5, and >=13.1 to <13.4.7.
References	+ https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/#group-and-project-membership-potentially-exposed-via-graphql
Notes