Enhancement: cves/2020/CVE-2020-26413.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-02-01 11:36:59 -05:00
parent 7c9e955e98
commit b58bd23609
1 changed files with 4 additions and 2 deletions


@ -1,10 +1,10 @@
id: CVE-2020-26413
info:
name: Gitlab User enumeration via Graphql API
name: Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure
author: _0xf4n9x_,pikpikcu
severity: medium
description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.
description: GitLab CE and EE 13.4 through 13.6.2 is susceptible to Information disclosure via GraphQL. User email is visible. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
reference:
- https://gitlab.com/gitlab-org/gitlab/-/issues/244275
- https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26413.json
@ -50,3 +50,5 @@ requests:
part: body
json:
- '.data.users.edges[].node.email'
# Enhanced by md on 2023/02/01
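Review bot: The new `description` in the first hunk overstates the impact and appears to widen the affected range. The removed line says versions from 13.4 "before 13.6.2", while the new `description` and `name` say "13.4 through 13.6.2" and "13.4 - 13.6.2", which read as including the fixed release. The closing sentence about modifying data and executing administrative operations is not supported by anything visible in the template, whose extractor in the second hunk only reads `.data.users.edges[].node.email`; for a `severity: medium` email disclosure, that boilerplate can mislead triage. I would keep the original scope, e.g. `description: GitLab CE and EE 13.4 before 13.6.2 is susceptible to information disclosure via GraphQL; user email addresses are unexpectedly visible.` and `name: GitLab CE/EE 13.4 before 13.6.2 - Information Disclosure`. The requests block between the two hunks is not shown here, so the matcher logic itself is not covered by this note.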