Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

GitLab public repositories

By kannthu

Informative
Vidoc logoVidoc Module
#gitlab#exposure#misconfig
Description

GitLab public repositories

What is GitLab public repositories?

GitLab public repositories is a module that detects misconfigurations in GitLab instances. It targets GitLab, a web-based DevOps lifecycle tool that provides a Git repository manager, issue tracking, and continuous integration and deployment. This module focuses on identifying misconfigurations in GitLab instances that may expose sensitive information to unauthorized users. It is designed to help organizations identify and address potential security risks in their GitLab deployments.

This module has an informative severity level, which means it provides valuable information about potential misconfigurations but does not indicate a critical vulnerability or immediate threat.

Impact

The misconfigurations detected by this module can have various impacts on the security of GitLab instances. Exposing sensitive information, such as project names and namespaces, can potentially aid attackers in their reconnaissance efforts and increase the risk of unauthorized access to sensitive data. It is important for organizations to address these misconfigurations to maintain the confidentiality and integrity of their GitLab repositories.

How the module works?

The GitLab public repositories module works by sending HTTP requests to the target GitLab instance and analyzing the responses for specific patterns. It checks for the presence of the "Set-Cookie: _gitlab_session=" header in the response, indicating that the GitLab session cookie is being set. Additionally, it looks for the presence of the "name_with_namespace" keyword in the response body, which indicates the exposure of project names and namespaces.

Here is an example of an HTTP request sent by this module:

GET /api/v4/projects
Headers:
Cookie: _gitlab_session=

The module matches the response against the following conditions:

- The response must contain the "Set-Cookie: _gitlab_session=" header. - The response body must contain the "name_with_namespace" keyword.

If both conditions are met, the module identifies a potential misconfiguration in the GitLab instance.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/api/v4/projects
Headers

Cookie: _gitlab_session=

Matching conditions
word: Set-Cookie: _gitlab_session=and
word: name_with_namespace
Passive global matcher
No matching conditions.
On match action
Report vulnerability