CVE-2021-4191

MEDIUM EXPLOITED NUCLEI

GitLab GraphQL API User Enumeration

Title source: metasploit

Description

An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration by unauthenticated users through the GraphQL API.

Exploits (3)

nomisec SCANNER 8 stars
by K3ysTr0K3R · infoleak
https://github.com/K3ysTr0K3R/CVE-2021-4191-EXPLOIT
nomisec WORKING POC
by Adelittle · infoleak
https://github.com/Adelittle/CVE-2021-4191_Exploits
metasploit WORKING POC
by jbaines-r7, mungsul · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/gitlab_graphql_user_enum.rb

Nuclei Templates (1)

GitLab GraphQL API User Enumeration
MEDIUM by zsusac
Shodan: cpe:"cpe:2.3:a:gitlab:gitlab" || http.title:"gitlab"
FOFA: title="gitlab"

Scores

CVSS v3 5.3
EPSS 0.9226
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

VulnCheck KEV 2023-11-14
Status published
Products (1)
gitlab/gitlab 13.0.0 - 14.6.5 (2 CPE variants)
Published Mar 28, 2022
Tracked Since Feb 18, 2026