CVE-2022-0735 PoC — GitLab Community Edition 和 Enterprise Edition 信息泄露漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-0735.yaml

Associated Vulnerability

Title:GitLab Community Edition 和 Enterprise Edition 信息泄露漏洞 (CVE-2022-0735)
Description:GitLab Enterprise Edition是一套内容管理系统。GitLab Community Edition是美国GitLab公司的一种社区版 GitLab 。 GitLab Community Edition (CE) and Enterprise Edition (EE)存在信息泄露漏洞，该漏洞源于应用程序输出的数据过多。远程用户可以使用快速操作命令通过该漏洞窃取跑步者注册令牌。

Description

GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5, from 14.7 before 14.7.4, and from 14.8 before 14.8.2.

File Snapshot


 id: CVE-2022-0735

info:
  name: GitLab CE/EE - Information Disclosure
  author: GitLab Red Team
  s

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!