GitLab - User Information Disclosure Via Open API

By kannthu

Medium
Vidoc Module
#gitlab #enum #misconfig #disclosure
Description

What is "GitLab - User Information Disclosure Via Open API"?

The "GitLab - User Information Disclosure Via Open API" module is designed to detect a specific vulnerability in GitLab, a web-based DevOps lifecycle tool. This module focuses on identifying instances where user information can be exposed through the GitLab Open API. The severity of this vulnerability is classified as medium.

Author: Suman_Kar

Impact

If successfully exploited, this vulnerability could lead to the disclosure of sensitive user information, such as usernames, IDs, and names. This information could potentially be used for malicious purposes, including targeted attacks or identity theft.

How does the module work?

The module works by sending a specific HTTP request to the target GitLab instance. The request is structured as follows:

GET /api/v4/users/{%uid%} HTTP/1.1
Host: {%Hostname%}
Accept: application/json, text/plain, */*
Referer: 

The module then applies several matching conditions to determine if the vulnerability exists:

- The response body is checked for the presence of certain keywords related to user information.
- The response header is checked to ensure it contains the "application/json" content type.
- The HTTP status code is checked to ensure it is 200 (OK).

If all matching conditions are met, the module reports a vulnerability.
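The matching conditions above can be evaluated offline against saved responses from a GitLab instance you administer. The following is an added example, not Vidoc's module code: `module_match` applies the three listed conditions (requiring all three body patterns is an assumption, since the page does not say how they combine), and `strict_match` is a hypothetical tighter check that parses the JSON so that unrelated JSON responses are not reported. The sample responses are constructed.

```python
import json
import re

# Body patterns from the module preview. Requiring all three is an assumption;
# the page does not state how the patterns combine.
BODY_PATTERNS = [re.compile(p) for p in (r"username.*", r"id.*", r"name.*")]


def module_match(status, headers, body):
    """Apply the page's three conditions: status 200, JSON header word, body regex."""
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items())
    return (
        status == 200
        and "application/json" in header_blob
        and all(p.search(body) for p in BODY_PATTERNS)
    )


def strict_match(status, headers, body):
    """Hypothetical stricter variant: body must be a JSON object with the user keys."""
    if not module_match(status, headers, body):
        return False
    try:
        doc = json.loads(body)
    except ValueError:
        return False
    return isinstance(doc, dict) and {"id", "username", "name"} <= doc.keys()


# Constructed sample responses (not captured from any real instance).
SAMPLES = {
    "exposed_user": (200, {"Content-Type": "application/json"},
                     '{"id": 7, "username": "jdoe", "name": "Jane Doe"}'),
    "auth_required": (401, {"Content-Type": "application/json"},
                      '{"message": "401 Unauthorized"}'),
    "html_login": (200, {"Content-Type": "text/html; charset=utf-8"},
                   '<input id="user_login" name="username">'),
    # "invalid" contains "id" and "username" contains "name": loose regex hit.
    "json_noise": (200, {"Content-Type": "application/json"},
                   '{"error": "invalid username"}'),
}


def classify(samples):
    """Return {label: (module_match, strict_match)} for each sample response."""
    return {label: (module_match(*r), strict_match(*r)) for label, r in samples.items()}


if __name__ == "__main__":
    for label, (loose, strict) in classify(SAMPLES).items():
        print(f"{label:14} module={loose!s:5} strict={strict}")
```

The `json_noise` case shows why the substring patterns alone can over-report: any 200 JSON body containing the text "username" and "id" satisfies them, whether or not it is a user record.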

Reference

- https://gitlab.com/gitlab-org/gitlab-foss/-/issues/40158

Metadata

shodan-query: http.title:"GitLab"

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
regex: username.*, id.*, name.*
and
word: application/json
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability