3121 matches found

Debian CVE
added 2020/12/11 3:29 a.m. · 19 views

CVE-2020-26415

Removed by vendor...

CVSS 4.3 · AI score 5.8 · EPSS 0.00815
Exploits 0
Positive Technologies
added 2020/12/11 12:00 a.m. · 5 views

PT-2020-16422 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.1 through 13.4.7; GitLab CE/EE versions 13.5 through 13.5.5; GitLab CE/EE versions 13.6 through 13.6.2. Description: The issue concerns information disclosure via GraphQL, exposing private group and project membership...

CVSS 5.3 · AI score 5 · EPSS 0.01155
Exploits 0 · References 9
Positive Technologies
added 2020/12/11 12:00 a.m. · 5 views

PT-2020-16420 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.2 through 13.4.7; GitLab versions 13.5 through 13.5.5; GitLab versions 13.6 through 13.6.2. Description: Information about the starred projects for private user profiles was exposed via the GraphQL API starting from version...

CVSS 4.3 · AI score 4.4 · EPSS 0.00815
Exploits 0 · References 33
Positive Technologies
added 2020/12/11 12:00 a.m. · 5 views

PT-2020-16419 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.4 through 13.6.1. Description: An issue has been discovered in GitLab CE/EE, where information disclosure via GraphQL results in user email being unexpectedly visible. Recommendations: For versions 13.4 through 13.6.1,...

CVSS 5.3 · AI score 4.8 · EPSS 0.2991
Exploits 1 · References 11
CNNVD
added 2020/12/10 12:00 a.m. · 4 views

GitLab Information Disclosure Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from GitLab, Inc. The program can be used to access a project's file contents, commit history, bug list, etc. Git is a free, open source distributed version control system. GitLab CE/EE...

CVSS 5.3 · AI score 6 · EPSS 0.2991
Exploits 1 · References 4
CNNVD
added 2020/12/10 12:00 a.m. · 5 views

GitLab Information Disclosure Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab that originates...

CVSS 4.3 · AI score 5.8 · EPSS 0.00815
Exploits 0 · References 3
CNNVD
added 2020/12/10 12:00 a.m. · 4 views

GitLab CE/EE Information Disclosure Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab CE/EE version...

CVSS 5.3 · AI score 6 · EPSS 0.01155
Exploits 0 · References 3
Tenable Nessus
added 2020/12/08 12:00 a.m. · 26 views

FreeBSD : Gitlab -- Multiple vulnerabilities (5d5e5cda-38e6-11eb-bbbf-001b217b3468)

Gitlab reports: XSS in Zoom Meeting URL; Limited Information Disclosure in Private Profile; User email exposed via GraphQL endpoint; Group and project membership potentially exposed via GraphQL; Search terms logged in search parameter in rails logs; Un-authorised access to feature flag user list; A...

CVSS 6.5 · AI score 4.8 · EPSS 0.01244
Exploits 0 · References 7
FreeBSD
added 2020/12/07 12:00 a.m. · 42 views

Gitlab -- Multiple vulnerabilities

Gitlab reports: XSS in Zoom Meeting URL; Limited Information Disclosure in Private Profile; User email exposed via GraphQL endpoint; Group and project membership potentially exposed via GraphQL; Search terms logged in search parameter in rails logs; Un-authorised access to feature flag user list; A...

CVSS 6.5 · AI score 1.6 · EPSS 0.01244
Exploits 0 · References 1
Hacker One
added 2020/11/27 4:14 a.m. · 17 views

Shopify: Staff with no permissions could possibly list and accept billing promotions

Hi. Description: I was looking for undocumented GraphQL API endpoints and noticed a query and mutation related to what seems to be billing promotions, but I'm not 100% sure about this since I have no idea where those promotions would come from. However, since those GraphQL endpoints were found...

AI score 0.5
Exploits 0
Veracode
added 2020/11/26 2:03 a.m. · 7 views

Information Disclosure

datasette-graphql is vulnerable to information disclosure. The vulnerability exists as it does not perform permission checks, allowing private database schema to be revealed...

AI score 1.7
Exploits 0
OSV
added 2020/11/24 10:59 p.m. · 14 views

GHSA-74HV-QJJQ-H7G5 datasette-graphql leaks details of the schema of private database files

Impact: When running against a Datasette instance with private databases, datasette-graphql would expose the schema of those database tables, but not the table contents. Patches: Patched in version 1.2. Workarounds: This issue is only present if a Datasette instance that includes private databases...

AI score 6.9
Exploits 0 · References 2
Github Security Blog
added 2020/11/24 10:59 p.m. · 52 views

datasette-graphql leaks details of the schema of private database files

Impact: When running against a Datasette instance with private databases, datasette-graphql would expose the schema of those database tables, but not the table contents. Patches: Patched in version 1.2. Workarounds: This issue is only present if a Datasette instance that includes private databases...

AI score 1.4
Exploits 0 · References 3 · Affected Software 1
vulnersOsv
added 2020/11/22 9:43 a.m. · 3 views

fabric8-analytics-lsp-server (=0.3.0), graphql-validated-types (>=2.7.0 <=2.11.0) +1 more potentially affected by unknown CVE via semver-regex (>=3.0.0 <=3.1.1)

semver-regex NPM version =3.0.0, =2.7.0, =1.2.0, =1.2.3. Source cves: unknown CVE. Source advisory: SNYK:JS-SEMVERREGEX-1047770...

AI score 5.8
Exploits 0
OSV
added 2020/11/17 1:15 a.m. · 27 views

CVE-2020-26406

Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are:...

CVSS 5.3 · AI score 6.5 · EPSS 0.01421
Exploits 0 · References 3
NVD
added 2020/11/17 1:15 a.m. · 17 views

CVE-2020-26406

Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are:...

CVSS 5.3 · AI score 4.8 · EPSS 0.01421
Exploits 0 · References 3
UbuntuCve
added 2020/11/17 1:15 a.m. · 18 views

CVE-2020-26406

Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are:...

CVSS 5.3 · AI score 6.1 · EPSS 0.01421
Exploits 0 · References 4
Prion
added 2020/11/17 1:15 a.m. · 15 views

Design/Logic Flaw

Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are:...

CVSS 5 · AI score 4.8 · EPSS 0.01421
Exploits 0 · References 3 · Affected Software 1
CVE
added 2020/11/17 12:13 a.m. · 81 views

CVE-2020-26406

GitLab GitLab EE vulnerability CVE-2020-26406: Certain SAST CiConfiguration information could be viewed by unauthorized users via GraphQL. Affected products/versions: GitLab EE 13.3 (up to 13.3.8), 13.4 (up to 13.4.4), and 13.5 (up to 13.5.1). Root cause: misexposure of SAST CiConfiguration data ...

CVSS 5.3 · AI score 4.8 · EPSS 0.01421
Exploits 0 · References 3 · Affected Software 1
Debian CVE
added 2020/11/17 12:13 a.m. · 26 views

CVE-2020-26406

Removed by vendor...

CVSS 5.3 · AI score 6 · EPSS 0.01421
Exploits 0