2483 matches found
CVE-2020-26408
A limited information disclosure vulnerability exists in GitLab CE/EE from >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in user's private profile...
CVE-2020-26417
Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions =13.6 to =13.5 to =13.1 to 13.4.7...
CVE-2020-26413
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible...
CVE-2020-26408
CVE-2020-26408 affects GitLab CE/EE versions: 12.2 to <13.4.7, 13.5 to <13.5.5, and 13.6 to
CVE-2020-13357
CVE-2020-13357 affects GitLab CE/EE versions >=13.1 to =13.5 to =13.6 to
CVE-2020-26413
GitLab CE/EE versions 13.4 through 13.6.2 are affected by an information disclosure via GraphQL that exposes user email addresses. Root cause: GraphQL responses disclose sensitive user information. Impact: unauthorized users could view emails and related data through normal GraphQL queries. Remed...
CVE-2020-26413
Removed by vendor...
CVE-2020-26417
CVE-2020-26417 concerns information disclosure via GraphQL in GitLab CE/EE. Affected are GitLab versions: >=13.1 to =13.5 to =13.6 to
CVE-2020-26417
Removed by vendor...
CVE-2020-26409
A DoS vulnerability exists in GitLab CE/EE >=10.3, <13.4.7, >=13.5, <13.5.5, >=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource consumption by bypassing input validation in Markdown fields...
Input validation
A DoS vulnerability exists in GitLab CE/EE >=10.3, <13.4.7, >=13.5, <13.5.5, >=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource consumption by bypassing input validation in Markdown fields...
CVE-2020-26409
CVE-2020-26409 affects GitLab CE/EE: 10.3–13.4.7, 13.5 (excluding 13.5.5), 13.6 (excluding 13.6.2). The vulnerability is a denial-of-service arising from bypassing input validation in Markdown fields, enabling an attacker to trigger uncontrolled resource consumption. Connected documents corrobora...
PT-2020-16416 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.3 through 13.4.6; GitLab CE/EE versions 13.5 through 13.5.4; GitLab CE/EE versions 13.6 through 13.6.1. Description: A DoS issue exists that allows an attacker to trigger uncontrolled resource consumption by bypassing...
CVE-2020-26407
An XSS vulnerability exists in GitLab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting against other users via importing a malicious project...