
14 matches found

RedhatCVE
added 2025/05/22 4:13 p.m. · 6 views

CVE-2020-26413

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible...

5.3 CVSS · 6.4 AI score · 0.82145 EPSS
Exploits 1

Tenable Nessus
added 2024/05/17 12:0 a.m. · 23 views

GitLab 12.2 < 13.4.7 / 13.5 < 13.5.5 / 13.6 < 13.6.2 (CVE-2020-26415)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab =12.2 to =13.5 to =13.6 to =12.2 to =13.5 to...

4.3 CVSS · 5.2 AI score · 0.00161 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2024/05/17 12:0 a.m. · 16 views

GitLab 12.4 < 13.4.7 / 13.5 < 13.5.5 / 13.6 < 13.6.2 (CVE-2020-26407)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An XSS vulnerability exists in GitLab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a...

5.5 CVSS · 5.4 AI score · 0.0015 EPSS
Exploits 0 · References 4

Prion
added 2020/12/11 4:15 a.m. · 19 views

Information disclosure

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible...

5 CVSS · 5 AI score · 0.82145 EPSS
Exploits 1 · References 3 · Affected Software 1

OSV
added 2020/12/11 4:15 a.m. · 1 view

UBUNTU-CVE-2020-26412

Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2...

4.3 CVSS · 5.8 AI score · 0.00131 EPSS
Exploits 0 · References 4

Debian CVE
added 2020/12/11 4:9 a.m. · 20 views

CVE-2020-26411

Removed by vendor...

4.3 CVSS · 5.8 AI score · 0.00097 EPSS
Exploits 0

Cvelist
added 2020/12/11 3:47 a.m. · 20 views

CVE-2020-26413

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible...

5.3 CVSS · 4.9 AI score · 0.82145 EPSS
Exploits 1 · References 3

Debian CVE
added 2020/12/11 3:29 a.m. · 19 views

CVE-2020-26415

Removed by vendor...

4.3 CVSS · 5.8 AI score · 0.00161 EPSS
Exploits 0

Positive Technologies
added 2020/12/11 12:0 a.m. · 4 views

PT-2020-16419 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.4 through 13.6.1 Description: An issue has been discovered in GitLab CE/EE, where information disclosure via GraphQL results in user email being unexpectedly visible. Recommendations: For versions 13.4 through 13.6.1,...

5.3 CVSS · 4.8 AI score · 0.82145 EPSS
Exploits 1 · References 11

Positive Technologies
added 2020/12/11 12:0 a.m. · 1 view

PT-2020-16418 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 13.2 through 13.6.1 Description: The issue allows removed group members to access updated information on confidential epics using the To-Do functionality. Recommendations: For GitLab EE versions 13.2 through 13.6.1, update ...

4.3 CVSS · 6.4 AI score · 0.00131 EPSS
Exploits 0 · References 9

NVD
added 2020/12/10 6:15 a.m. · 15 views

CVE-2020-26407

An XSS vulnerability exists in GitLab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project...

5.5 CVSS · 5.1 AI score · 0.0015 EPSS
Exploits 0 · References 3

Cvelist
added 2020/12/10 5:16 a.m. · 16 views

CVE-2020-26407

An XSS vulnerability exists in GitLab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project...

5.5 CVSS · 5.2 AI score · 0.0015 EPSS
Exploits 0 · References 3

CNNVD
added 2020/12/10 12:0 a.m. · 4 views

GitLab Information Disclosure Vulnerability

GitLab is a self-hosted Git version control project repository application from GitLab, Inc., developed in Ruby on Rails. The program can be used to access a project's file contents, commit history, bug list, etc. Git is a free, open source distributed version control system. GitLab CE/EE...

5.3 CVSS · 6 AI score · 0.82145 EPSS
Exploits 1 · References 4

NCSC
added 2020/12/08 12:0 a.m. · 7 views

Vulnerabilities fixed in GitLab

Multiple vulnerabilities have been identified in GitLab; a remote attacker could exploit some of these vulnerabilities to perform cross-site scripting, trigger a denial-of-service condition and disclose sensitive information about the targeted system. The developers have...

6.5 CVSS · 6.7 AI score · 0.00169 EPSS
Exploits 0