module
GitLab GraphQL API User Enumeration
Disclosed | Created |
---|---|
2022-02-25 | 2022-03-12 |
Disclosed
2022-02-25
Created
2022-03-12
Description
This module queries the GitLab GraphQL API without authentication
to acquire the list of GitLab users (CVE-2021-4191). The module works
on all GitLab versions from 13.0 up to 14.8.2, 14.7.4, and 14.6.5.
to acquire the list of GitLab users (CVE-2021-4191). The module works
on all GitLab versions from 13.0 up to 14.8.2, 14.7.4, and 14.6.5.
Authors
jbaines-r7
mungsul
mungsul
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.