GitLab 13.3 < 13.3.9 / 13.4 < 13.4.5 / 13.5 < 13.5.2 (CVE-2020-26406)
Description
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are: >=13.3, <13.3.9, >=13.4, <13.4.5, >=13.5, <13.5.2. (CVE-2020-26406) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…