Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
GitLab public snippets is a module that detects misconfigurations in GitLab instances related to the exposure of public snippets. It targets GitLab, a web-based DevOps lifecycle tool that provides a repository manager, issue tracking, continuous integration, and more.
This module has an informative severity level, meaning it provides valuable information but does not indicate a critical vulnerability.
Author: pdteam
This module helps identify instances where GitLab public snippets are exposed to unauthorized access. If misconfigured, these public snippets may contain sensitive information that could be accessed by unauthorized individuals.
The GitLab public snippets module works by sending HTTP requests to specific endpoints and matching the responses against predefined conditions. It checks for the presence of the title "Snippets · Explore · GitLab" in the response, a status code of 200, and the absence of certain phrases like "No snippets found" or "Nothing here."
Example HTTP request:
GET /explore/snippets
Matching conditions:
- The response must contain the title "Snippets · Explore · GitLab" and have a status code of 200.
- The response should not include the phrases "No snippets found" or "Nothing here."

Reference:
- https://gist.github.com/vysecurity/20311c29d879e0aba9dcffbe72a88b10
- https://twitter.com/intigriti/status/1375078783338876929

Metadata:
shodan-query: http.title:"GitLab"
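The matching logic described above, written out as an added Python example (not the module's own code): it evaluates a response to GET /explore/snippets against the three conditions, and the sample responses are constructed here, not captured from a real GitLab instance. The `fetch_explore_snippets` helper is an assumed convenience wrapper around the standard library.

```python
import urllib.request
from dataclasses import dataclass

# Conditions taken from the module description.
EXPECTED_TITLE = "Snippets · Explore · GitLab"
NEGATIVE_PHRASES = ("No snippets found", "Nothing here")
SNIPPETS_PATH = "/explore/snippets"


@dataclass
class HttpResponse:
    status: int
    body: str


def public_snippets_exposed(resp: HttpResponse) -> bool:
    """True only when all positive matchers hit and no negative phrase is present.

    A 200 with the explore title but an empty listing ("No snippets found")
    is a GitLab instance without public snippets, so it must not match.
    """
    if resp.status != 200:
        return False
    if EXPECTED_TITLE not in resp.body:
        return False
    return not any(phrase in resp.body for phrase in NEGATIVE_PHRASES)


def fetch_explore_snippets(base_url: str, timeout: float = 10.0) -> HttpResponse:
    """Assumed helper: perform the GET and return the status and body for matching."""
    req = urllib.request.Request(base_url.rstrip("/") + SNIPPETS_PATH,
                                 headers={"User-Agent": "gitlab-snippets-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as r:
            return HttpResponse(r.status, r.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:
        return HttpResponse(e.code, e.read().decode("utf-8", "replace"))


# Constructed sample responses used to exercise the matcher offline.
POPULATED = HttpResponse(200, "<title>Snippets · Explore · GitLab</title>"
                              "<ul><li>db-credentials.yml</li></ul>")
EMPTY_LISTING = HttpResponse(200, "<title>Snippets · Explore · GitLab</title>"
                                  "<p>No snippets found</p>")
LOGIN_REDIRECT = HttpResponse(302, "")
WRONG_APP = HttpResponse(200, "<title>Snippets · Some Other App</title>")
```

Run `public_snippets_exposed(fetch_explore_snippets("https://gitlab.example.invalid"))` against an instance you administer to confirm whether its public snippet listing is reachable without authentication.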