Description
By querying the GraphQL endpoint, it was possible to retrieve a list of all GitLab users. This information can be used to conduct further attacks.
Remediation
Limit the information exposed to anonymous users.