CVE-2020-26417
CVE-2020-26417 concerns information disclosure via GraphQL in GitLab CE/EE. Affected are GitLab versions: >=13.1 to =13.5 to =13.6 to
CVE-2020-26417
Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions =13.6 to =13.5 to =13.1 to 13.4.7...
CVE-2020-26417
Removed by vendor...
CVE-2020-26415
CVE-2020-26415: Information about starred projects for private user profiles was exposed via GitLab's GraphQL API starting from 12.2 via REST. Affected products/versions include GitLab 12.2–13.4.7, 13.5–13.5.5, and 13.6–13.6.2. The connected documents do not provide explicit fix versions or remed...
CVE-2020-26415
Removed by vendor...
PT-2020-16419 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.4 through 13.6.1 Description: An issue has been discovered in GitLab CE/EE, where information disclosure via GraphQL results in user email being unexpectedly visible. Recommendations: For versions 13.4 through 13.6.1,...
PT-2020-16422 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.1 through 13.4.7 GitLab CE/EE versions 13.5 through 13.5.5 GitLab CE/EE versions 13.6 through 13.6.2 Description: The issue concerns information disclosure via GraphQL, exposing private group and project membership...
PT-2020-16420 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 12.2 through 13.4.7 GitLab versions 13.5 through 13.5.5 GitLab versions 13.6 through 13.6.2 Description: Information about the starred projects for private user profiles was exposed via the GraphQL API starting from version...
GitLab Information Disclosure Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab that originates...
GitLab Information Disclosure Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from GitLab, Inc. The program can be used to access the project's file contents, commit history, bug list, etc. Git is a free, open source distributed version control system. GitLab CE/EE...
GitLab CE/EE Information Disclosure Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab CE/EE version...
FreeBSD : Gitlab -- Multiple vulnerabilities (5d5e5cda-38e6-11eb-bbbf-001b217b3468)
Gitlab reports : XSS in Zoom Meeting URL Limited Information Disclosure in Private Profile User email exposed via GraphQL endpoint Group and project membership potentially exposed via GraphQL Search terms logged in search parameter in rails logs Un-authorised access to feature flag user list A...
Gitlab -- Multiple vulnerabilities
Gitlab reports: XSS in Zoom Meeting URL Limited Information Disclosure in Private Profile User email exposed via GraphQL endpoint Group and project membership potentially exposed via GraphQL Search terms logged in search parameter in rails logs Un-authorised access to feature flag user list A...
Shopify: Staff with no permissions could possibly list and accept billing promotions
Hi, Description I was looking for undocumented GraphQL API endpoints and noticed a query and mutation related to what seems to be billing promotions, but I'm not 100% sure about this since I have no idea where those promotions would come from. However, since those GraphQL endpoints were found...
Information Disclosure
datasette-graphql is vulnerable to information disclosure. The vulnerability exists as it does not perform permission checks, allowing private database schema to be revealed...
datasette-graphql leaks details of the schema of private database files
Impact When running against a Datasette instance with private databases, datasette-graphql would expose the schema of those database tables - but not the table contents. Patches Patched in version 1.2. Workarounds This issue is only present if a Datasette instance that includes private databases...
GHSA-74HV-QJJQ-H7G5 datasette-graphql leaks details of the schema of private database files
Impact When running against a Datasette instance with private databases, datasette-graphql would expose the schema of those database tables - but not the table contents. Patches Patched in version 1.2. Workarounds This issue is only present if a Datasette instance that includes private databases...
fabric8-analytics-lsp-server (=0.3.0), graphql-validated-types (>=2.7.0 <=2.11.0) +1 more potentially affected by unknown CVE via semver-regex (>=3.0.0 <=3.1.1)
semver-regex NPM version =3.0.0, =2.7.0, =1.2.0, =1.2.3 Source cves: unknown CVE Source advisory: SNYK:JS-SEMVERREGEX-1047770...
CVE-2020-26406
Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are:...
CVE-2020-26406
Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are:...