GitLab 12.2 < 13.4.7 / 13.5 < 13.5.5 / 13.6 < 13.6.2 (CVE-2020-26415)
Discription
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2. (CVE-2020-26415) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…Read More
References
Back to Main