CVE-2020-26412
First published: Fri Dec 11 2020(Updated: )
Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=13.2.0<13.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2020-26412.
What is the severity level of CVE-2020-26412?
CVE-2020-26412 has a severity level of medium.
What software versions are affected by CVE-2020-26412?
Versions of GitLab EE from 13.2 to 13.6.2 are affected by CVE-2020-26412.
What was the impact of CVE-2020-26412?
Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics.
How can I fix CVE-2020-26412?
To fix CVE-2020-26412, you should update GitLab EE to version 13.6.2 or higher.
- agent/references
- agent/type
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/13.2.0