Information Disclosure

2020-12-1619:57:36

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

38.9%

gitlab is vulnerable to information disclosure. It exposes private group and project membership via GraphQL in GitLab CE/EE 13.1.

CPENameOperatorVersion
gitlab:sideq13.3.9-1

CPE	Name	Operator	Version
	gitlab:sid	eq	13.3.9-1

References

gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26417.json

gitlab.com/gitlab-org/gitlab/-/issues/282539

security-tracker.debian.org/tracker/CVE-2020-26417

0.001 Low

EPSS

Percentile

38.9%

Related for VERACODE:28622