GitLab 13.3 < 13.3.9 / 13.4 < 13.4.5 / 13.5 < 13.5.2 (CVE-2020-26406)
Discription

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are: &gt;=13.3, &lt;13.3.9,&gt;=13.4, &lt;13.4.5,&gt;=13.5, &lt;13.5.2. (CVE-2020-26406) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…Read More

Back to Main

Subscribe for the latest news: