CVE-2020-26413
published 2020-12-11CVE-2020-26413: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email…
PriorityP348medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EXPLOIT
EPSS
33.77%
98.2th percentile
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 13.4.7-1 (sid) | gitlab 13.4.7-1 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 13.4.0 < 13.6.2 | 13.6.2 |
| gitlab | gitlab_ce | — | — |
| gitlab | gitlab_ce_ee | — | — |
| gitlab | gitlab_ce_ee | — | — |
| gitlab | gitlab_ce_ee | — | — |
Detection & IOCsextracted from sources · hover to see the quote
url/api/graphql
command{"query": "{\nusers {\nedges {\n node {\n username\n email\n avatarUrl\n status {\n emoji\n message\n messageHtml\n }\n }\n }\n }\n }", "variables": null, "operationName": null}
- →Detect exploitation attempts by monitoring POST requests to /api/graphql containing the 'users' query with 'email' field enumeration
- →Response body containing all three fields '"username":', '"avatarUrl":', and '"node":' together with HTTP 200 indicates successful information disclosure
- →Extract leaked user emails from GraphQL response using JSON path '.data.users.edges[].node.email'
- →Shodan/FOFA queries can be used to identify exposed GitLab instances as targets: search for http.title:"GitLab" or title="gitlab"
- ·Vulnerability affects GitLab CE/EE versions 13.4 through 13.6.2 only; versions prior to 13.4 and 13.6.3+ are not affected ↗
- ·The GraphQL endpoint is unauthenticated (PR:N, UI:N per CVSS), meaning no credentials are required to exploit this information disclosure
- ·High EPSS score (0.82145, 99.2nd percentile) indicates this CVE has a very high probability of exploitation in the wild
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.3MEDIUM
vendor_debian5.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GitLab
CVE-2020-26413: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in us
vendor_gitlab·2020-12-11·CVSS 5.3
CVE-2020-26413 [MEDIUM] CWE-200 CVE-2020-26413: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in us
CVE-2020-26413: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.
Debian
CVE-2020-26413: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting fro...
vendor_debian·2020·CVSS 5.3
CVE-2020-26413 [MEDIUM] CVE-2020-26413: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting fro...
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.
Scope: local
sid: resolved (fixed in 13.4.7-1)
GHSA
GHSA-j6h5-jcwm-38vr: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13
ghsa_unreviewed·2022-05-24
CVE-2020-26413 [MEDIUM] CWE-200 GHSA-j6h5-jcwm-38vr: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.
OSV
CVE-2020-26413: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13
osv·2020-12-11·CVSS 5.3
CVE-2020-26413 [MEDIUM] CVE-2020-26413: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.
No detection rules found.
Nuclei
Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure
nuclei·CVSS 5.3
CVE-2020-26413 [MEDIUM] Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure
Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure
GitLab CE and EE 13.4 through 13.6.2 is susceptible to Information disclosure via GraphQL. User email is visible. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
Template:
id: CVE-2020-26413
info:
name: Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure
author: _0xf4n9x_,pikpikcu
severity: medium
description: GitLab CE and EE 13.4 through 13.6.2 is susceptible to Information disclosure via GraphQL. User email is visible. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
impact: |
An attacker can gain unauthorized acce
No writeups or analysis indexed.
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26413.jsonhttps://gitlab.com/gitlab-org/gitlab/-/issues/244275https://hackerone.com/reports/972355https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26413.jsonhttps://gitlab.com/gitlab-org/gitlab/-/issues/244275https://hackerone.com/reports/972355
2020-12-11
Published