Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-26413 — Sensitive Information Exposure in Gitlab

CWE-200 — Sensitive Information Exposure6 documents6 sources

Severity

5.3MEDIUMNVD

EPSS

82.1%

top 0.78%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Gitlab Debian Gitlab Gitlab CE EE +1 more

Timeline

PublishedDec 11

Latest updateMay 24

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

▶NVDgitlab/gitlab13.4.0 — 13.6.2

▶debiandebian/gitlab< gitlab 13.4.7-1 (sid)

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

▶CVEListV5gitlab/gitlab_ce_ee>=13.4, <13.4.7, >=13.5, <13.5.5, >=13.6, <13.6.2+2

🔴Vulnerability Details

GHSA

GHSA-j6h5-jcwm-38vr: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13↗2022-05-24

▶

OSV

CVE-2020-26413: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13↗2020-12-11

▶

💥Exploits & PoCs

Nuclei

Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure

▶

📋Vendor Advisories

GitLab

CVE-2020-26413: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in us↗2020-12-11

▶

Debian

CVE-2020-26413: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting fro...↗2020

▶