Lucene search
Ubuntu.comUB:CVE-2020-26406HistoryNov 17, 2020 - 12:00 a.m.
CVE-2020-26406
2020-11-1700:00:00
ubuntu.com
ubuntu.com
5
0.001 Low
EPSS
Percentile
40.1%
Certain SAST CiConfiguration information could be viewed by unauthorized
users in GitLab EE starting with 13.3. This information was exposed through
GraphQL to non-members of public projects with repository visibility
restricted as well as guest members on private projects. Affected versions
are: >=13.3, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
References
gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26406.json
gitlab.com/gitlab-org/gitlab/-/issues/244921
hackerone.com/reports/965602
launchpad.net/bugs/cve/CVE-2020-26406
nvd.nist.gov/vuln/detail/CVE-2020-26406
security-tracker.debian.org/tracker/CVE-2020-26406
www.cve.org/CVERecord?id=CVE-2020-26406
Related
nessus
nessus
GitLab 13.3 < 13.3.9 / 13.4 < 13.4.5 / 13.5 < 13.5.2 (CVE-2020-26406)
2024-05-17 00:00:00
osv
osv
CVE-2020-26406
2020-11-17 01:15:13
BIT-gitlab-2020-26406
2024-03-06 11:21:20
cvelist
cvelist
CVE-2020-26406
2020-11-17 00:13:19
prion
prion
Design/Logic Flaw
2020-11-17 01:15:00
debiancve
debiancve
CVE-2020-26406
2020-11-17 01:15:00
cve
cve
CVE-2020-26406
2020-11-17 01:15:00