Gitlab user disclosure

Description

By using the graphql endpoint, it was possible to get list of all the Gitlab users. Therefore, this information can be used to conduct further attacks.

Remediation

Limit information exposed to anonymous users

References

GitLab GraphQL API

Related Vulnerabilities

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-21336)

WordPress 3.0.4 Multiple Vulnerabilities (0.6.2 - 3.0.4)

Whoops error handler component detected

WordPress Plugin SiteGuard WP Information Disclosure (1.7.6)

WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.31)

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Remediation

References

Related Vulnerabilities

Severity

Classification

Tags

Take action and discover your vulnerabilities