Author: GitLab Red Team
Prior to version 14, GitLab installations required a root password to be
set via the web UI. If the administrator skipped this step, any visitor
could set the root password and take control of the instance.
Reference
- https://gitlab.com/gitlab-org/gitlab/-/issues/211328
- https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/5331
- https://docs.gitlab.com/omnibus/installation/#set-up-the-initial-password
Metadata
shodan-query: http.title:"GitLab"
Module preview
Concurrent Requests (1)
1. HTTP Request template
GET /users/sign_in
Matching conditions
word: Change your password, New password, Conf...and