Title:GitLab Enterprise Edition和GitLab Community Edition 授权问题漏洞 (CVE-2021-4191) Description:GitLab Enterprise Edition是一套内容管理系统。GitLab Community Edition是美国GitLab公司的一种社区版 GitLab 。 GitLab Enterprise Edition和GitLab Community Edition存在授权问题漏洞,该漏洞源于应用程序在GraphQL API中输出了过多的数据。远程攻击者可利用该漏洞获得对系统敏感信息的未经授权的访问。
Description
An unauthenticated remote attacker can leverage this vulnerability to collect registered GitLab usernames, names, and email addresses.
File Snapshot
id: CVE-2021-4191
info:
name: GitLab GraphQL API User Enumeration
author: zsusac
severity: me
...
Shenlong Bot has cached this for you
Remarks
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.