CVE-2020-26413
MEDIUM NUCLEI
GitLab CE/EE <13.6.2 - Info Disclosure
Title source: llm
Description
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.
Exploits (1)
nomisec
WORKING POC
1 star
by Kento-Sec · poc
https://github.com/Kento-Sec/GitLab-Graphql-CVE-2020-26413
Nuclei Templates (1)
Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure
MEDIUM
by _0xf4n9x_, pikpikcu
Shodan:
http.title:"GitLab" || cpe:"cpe:2.3:a:gitlab:gitlab" || http.title:"gitlab"
FOFA:
title="gitlab"
Scores
CVSS v3
5.3
EPSS
0.8215
EPSS Percentile
99.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
gitlab/gitlab
13.4.0 - 13.6.2 (2 CPE variants)
Published
Dec 11, 2020
Tracked Since
Feb 18, 2026