14 matches found

Packet Storm
added 2024/09/01 12:0 a.m., 301 views

GitLab GraphQL API User Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitLab GraphQL API User Enumeration', 'Description' = %q This module queries the GitLab GraphQL API without authentication to acquire the list of...

CVSS 5.3 | AI score 7 | EPSS 0.92054
Exploits: 4

VulnCheck KEV
added 2023/11/14 12:0 a.m., 2 views

VulnCheck KEV: CVE-2021-4191

An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API...

CVSS 5.3 | AI score 6.8 | EPSS 0.92054
Exploits: 4 | References: 1

OSV
added 2022/03/28 7:15 p.m., 23 views

CVE-2021-4191

An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API...

CVSS 5.3 | AI score 6.5 | EPSS 0.92054
Exploits: 4 | References: 3

UbuntuCve
added 2022/03/28 7:15 p.m., 37 views

CVE-2021-4191

An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API...

CVSS 5.3 | AI score 6.8 | EPSS 0.92054
Exploits: 4 | References: 2

CVE
added 2022/03/28 6:53 p.m., 2503 views

CVE-2021-4191

The CVE-2021-4191 issue in GitLab CE/EE (affected versions: 13.0–14.6.5, 14.7–14.7.4, 14.8–14.8.2) enables user enumeration via the GraphQL API for unauthenticated users on privately signed-up instances. Root cause: missing authentication checks in specific GraphQL queries, allowing an attacker t...

CVSS 5.3 | AI score 5.2 | EPSS 0.92054
In wild | Exploits: 4 | References: 3 | Affected Software: 1

OpenVAS
added 2022/03/25 12:0 a.m., 28 views

GitLab 12.10.x - 14.6.4, 14.7.x - 14.7.3, 14.8.x - 14.8.1 Multiple Vulnerabilities

GitLab is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if description...

CVSS 10 | AI score 7.7 | EPSS 0.92054
Exploits: 6 | References: 1

Rapid7 Blog
added 2022/03/18 5:38 p.m., 452 views

Metasploit Weekly Wrap-Up

CVE-2022-21999 - SpoolFool Our very own Shelby Pace has added a new module for the CVE-2022-21999 SpoolFool privilege escalation vulnerability. This escalation vulnerability can be leveraged to achieve code execution as SYSTEM. This new module has successfully been tested on Windows 10 10.0 Build...

CVSS 7.5 | AI score 0.5 | EPSS 0.93069
Exploits: 32

Tenable Nessus
added 2022/03/14 12:0 a.m., 123 views

GitLab 13.0 < 14.6.5 / 14.7 < 14.7.4 / 14.8 < 14.8.2 (CVE-2021-4191)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user...

CVSS 5.3 | AI score 7.2 | EPSS 0.92054
Exploits: 4 | References: 4

Metasploit
added 2022/03/12 5:42 p.m., 216 views

GitLab GraphQL API User Enumeration

This module queries the GitLab GraphQL API without authentication to acquire the list of GitLab users CVE-2021-4191. The module works on all GitLab versions from 13.0 up to 14.8.2, 14.7.4, and 14.6.5. Module Options msf use auxiliary/scanner/http/gitlabgraphqluserenum msf...

CVSS 5.3 | AI score 6.8 | EPSS 0.92054
Exploits: 4

Tenable Nessus
added 2022/03/10 12:0 a.m., 153 views

FreeBSD : Gitlab -- multiple vulnerabilities (2823048d-9f8f-11ec-8c9c-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 2823048d-9f8f-11ec-8c9c-001b217b3468 advisory. - Inaccurate display of Snippet files containing special characters in all versions of GitLab...

CVSS 10 | AI score 7.3 | EPSS 0.92054
Exploits: 6 | References: 9

Hive Pro Threat Advisories
added 2022/03/04 1:47 p.m., 49 views

Thousands of GitLab instances impacted by multiple security flaws

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here Multiple security vulnerabilities have been discovered by researchers in GitLab, an open-source DevOps software. Some of these flaws could allow an unauthenticated remote attacker to retrieve all information linked to GitLab...

AI score 1.8 | EPSS 0.92054
Exploits: 4

Circl
added 2022/03/04 11:22 a.m., 46 views

CVE-2021-4191

creationtimestamp| type| source
---|---|---
2022-03-04 11:22:38+00:00| seen| https://t.me/NeKaspersky/1928
2022-03-04 11:50:35+00:00| seen| https://t.me/cKure/8928
2022-03-04 15:58:10+00:00| published-proof-of-concept| https://t.me/intelexch/10063
2022-03-05 10:56:24+00:00| seen|...

CVSS 5.3 | AI score 7 | EPSS 0.92054
In wild | Exploits: 4 | References: 10

The Hacker News
added 2022/03/04 6:31 a.m., 112 views

New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances

Researchers have disclosed details of a new security vulnerability in GitLab, an open-source DevOps software, that could potentially allow a remote, unauthenticated attacker to recover user-related information. Tracked as CVE-2021-4191 CVSS score: 5.3, the medium-severity flaw affects all version...

CVSS 10 | AI score 0.9 | EPSS 0.92054
Exploits: 4

OpenVAS
added 2022/03/04 12:0 a.m., 29 views

GitLab 13.0.x < 14.6.5, 14.7.x < 14.7.4, 14.8.x < 14.8.2 GraphQL API User Enumeration Vulnerability - Active Check

GitLab is prone to a user enumeration vulnerability via the GraphQL API. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fre...

CVSS 5.3 | AI score 5.5 | EPSS 0.92054
Exploits: 4 | References: 2