VulnerableCode Package Details - pkg:alpm/archlinux/gitlab@13.6.1-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-4vm6-67ra-6fct Aliases: CVE-2020-26416	Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.	13.6.2-1 Affected by 0 other vulnerabilities.
VCID-82a8-grn5-eqdj Aliases: CVE-2020-26412	Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2.	13.6.2-1 Affected by 0 other vulnerabilities.
VCID-9bqx-bjky-zqen Aliases: CVE-2020-26417	Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions >=13.6 to <13.6.2, >=13.5 to <13.5.5, and >=13.1 to <13.4.7.	13.6.2-1 Affected by 0 other vulnerabilities.
VCID-bjxw-yvhv-u7b8 Aliases: CVE-2020-13357	An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project.	13.6.2-1 Affected by 0 other vulnerabilities.
VCID-cj92-8xpy-mqdw Aliases: CVE-2020-26407	A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project	13.6.2-1 Affected by 0 other vulnerabilities.
VCID-m2hg-kn7f-fygz Aliases: CVE-2020-26408	A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in user's private profile	13.6.2-1 Affected by 0 other vulnerabilities.
VCID-mz6d-zyzb-a3h6 Aliases: CVE-2020-26411	A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2). Using a specific query name for a project search can cause statement timeouts that can lead to a potential DOS if abused.	13.6.2-1 Affected by 0 other vulnerabilities.
VCID-pg7c-w5h8-2fbk Aliases: CVE-2020-26409	A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.	13.6.2-1 Affected by 0 other vulnerabilities.
VCID-rafm-7u81-2qhy Aliases: CVE-2020-26413	An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.	13.6.2-1 Affected by 0 other vulnerabilities.
VCID-uux8-mqnn-dye4 Aliases: CVE-2020-26415	Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.	13.6.2-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-4vm6-67ra-6fct
Aliases:
CVE-2020-26416

Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.