What is CVE-2020-26413?

CVE-2020-26413 is a medium-severity vulnerability in Gitlab Ce/ee. CVSS score: 5.3/10. Published 2020-12-11.

How severe is CVE-2020-26413?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Is CVE-2020-26413 known to be exploited?

22 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Gitlab Ce/ee

CVE-2020-26413

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.

EPSS: 0.821 (99.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Gitlab Ce/ee — versions >=13.4, <13.4.7, >=13.5, <13.5.5, >=13.6, <13.6.2

Public proof-of-concept exploits

References

gitlab.com/gitlab-org/gitlab/-/issues/244275 (x_refsource_MISC)
hackerone.com/reports/972355 (x_refsource_MISC)
gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26413.json (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-26413?: CVE-2020-26413 is a medium-severity vulnerability in Gitlab Ce/ee. CVSS score: 5.3/10. Published 2020-12-11.
How severe is CVE-2020-26413?: Medium severity. CVSS v3 base score is 5.3 out of 10.
Is CVE-2020-26413 known to be exploited?: 22 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.