.. / CVE-2021-4191

Exploit for GitLab GraphQL API User Enumeration (CVE-2021-4191)

Description:

An unauthenticated remote attacker can leverage this vulnerability to collect registered GitLab usernames, names, and email addresses.

Nuclei Template

View the template here CVE-2021-4191.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-4191.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-4191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-4191
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4191.json
https://www.rapid7.com/blog/post/2022/03/03/cve-2021-4191-gitlab-graphql-api-user-enumeration-fixed/
https://gitlab.com/gitlab-org/gitlab/-/issues/343898
https://thehackernews.com/2022/03/new-security-vulnerability-affects.html