CVE-2020-5244: Information Exposure

February 24, 2020 (updated February 25, 2020)

In BuddyPress, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed.

References

buddypress.org/2020/01/buddypress-5-1-2/
nvd.nist.gov/vuln/detail/CVE-2020-5244

Detect and mitigate CVE-2020-5244 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →