GitLab Community Edition/Enterprise Edition up to 13.6.1 GraphQL information disclosure


A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 13.6.1 (Bug Tracking Software) and classified as problematic. This issue affects an unknown function of the GraphQL component and results in information disclosure (CWE-200): user email addresses become unexpectedly visible through GraphQL. Upgrading to version 13.6.2 eliminates this vulnerability. Applying the vendor patch also eliminates the problem; the bugfix is available for download at gitlab.com. The recommended mitigation is upgrading to the latest version.

| Field | 12/11/2020 09:52 AM | 12/15/2020 08:56 PM | 12/15/2020 09:03 PM |
| --- | --- | --- | --- |
| vendor | GitLab | GitLab | GitLab |
| name | Community Edition/Enterprise Edition | Community Edition/Enterprise Edition | Community Edition/Enterprise Edition |
| version | <=13.6.1 | <=13.6.1 | <=13.6.1 |
| component | GraphQL | GraphQL | GraphQL |
| cwe | 200 (information disclosure) | 200 (information disclosure) | 200 (information disclosure) |
| risk | 1 | 1 | 1 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | N | N | N |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| url | https://hackerone.com/reports/972355 | https://hackerone.com/reports/972355 | https://hackerone.com/reports/972355 |
| confirm_url | https://gitlab.com/gitlab-org/gitlab/-/issues/244275 | https://gitlab.com/gitlab-org/gitlab/-/issues/244275 | https://gitlab.com/gitlab-org/gitlab/-/issues/244275 |
| name | Upgrade | Upgrade | Upgrade |
| upgrade_version | 13.6.2 | 13.6.2 | 13.6.2 |
| patch_url | https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26413.json | https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26413.json | https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26413.json |
| cve | CVE-2020-26413 | CVE-2020-26413 | CVE-2020-26413 |
| date | 1607641200 (12/11/2020) | 1607641200 (12/11/2020) | 1607641200 (12/11/2020) |
| type | Bug Tracking Software | Bug Tracking Software | Bug Tracking Software |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | N | N | N |
| cvss2_vuldb_rc | C | C | C |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_e | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 5.0 | 5.0 | 5.0 |
| cvss2_vuldb_tempscore | 5.0 | 4.4 | 4.4 |
| cvss3_vuldb_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_vuldb_tempscore | 5.3 | 5.1 | 5.1 |
| cvss3_meta_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_meta_tempscore | 5.3 | 5.1 | 5.1 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve_assigned | | 1601503200 | 1601503200 |
| cve_nvd_summary | | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible. | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible. |
| cve_cna | | | GitLab Inc. |
