4 matches found
GitLab 13.3 < 13.3.9 / 13.4 < 13.4.5 / 13.5 < 13.5.2 (CVE-2020-26406)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with...
CVE-2020-26406
creationtimestamp| type| source ---|---|--- 2020-11-17 07:38:38+00:00| seen| https://t.me/cibsecurity/16431...
CVE-2020-26406
Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are:...
CVE-2020-26406
GitLab GitLab EE vulnerability CVE-2020-26406: Certain SAST CiConfiguration information could be viewed by unauthorized users via GraphQL. Affected products/versions: GitLab EE 13.3 (up to 13.3.8), 13.4 (up to 13.4.4), and 13.5 (up to 13.5.1). Root cause: misexposure of SAST CiConfiguration data ...