GitLab metadata update
parent
f5cf88c2e8
commit
6d32b81b2a
|
@ -9,6 +9,8 @@ info:
|
|||
- https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1683
|
||||
- http://www.openwall.com/lists/oss-security/2020/01/15/1
|
||||
- http://packetstormsecurity.com/files/155967/Jenkins-Gitlab-Hook-1.4.2-Cross-Site-Scripting.html
|
||||
metadata:
|
||||
shodan-query: http.title:"GitLab"
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.10
|
||||
|
|
|
@ -9,12 +9,14 @@ info:
|
|||
- https://gitlab.com/gitlab-org/gitlab/-/issues/244275
|
||||
- https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26413.json
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-26413
|
||||
tags: cve,cve2020,gitlab,exposure,enum,graphql
|
||||
metadata:
|
||||
shodan-query: http.title:"GitLab"
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.30
|
||||
cve-id: CVE-2020-26413
|
||||
cwe-id: CWE-200
|
||||
tags: cve,cve2020,gitlab,exposure,enum,graphql
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -13,6 +13,8 @@ info:
|
|||
- https://security.humanativaspa.it/gitlab-ce-cve-2021-22205-in-the-wild/
|
||||
- https://hackerone.com/reports/1154542
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-22205
|
||||
metadata:
|
||||
shodan-query: http.title:"GitLab"
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 9.90
|
||||
|
|
|
@ -9,12 +9,14 @@ info:
|
|||
- https://nvd.nist.gov/vuln/detail/CVE-2021-22214
|
||||
- https://vin01.github.io/piptagole/gitlab/ssrf/security/2021/06/15/gitlab-ssrf.html
|
||||
- https://docs.gitlab.com/ee/api/lint.html
|
||||
tags: cve,cve2021,gitlab,ssrf,oast
|
||||
metadata:
|
||||
shodan-query: http.title:"GitLab"
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.60
|
||||
cve-id: CVE-2021-22214
|
||||
cwe-id: CWE-918
|
||||
tags: cve,cve2021,gitlab,ssrf,oast
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
|
|
@ -11,9 +11,6 @@ info:
|
|||
metadata:
|
||||
shodan-query: http.title:"GitLab"
|
||||
|
||||
# Gitlab blocks for 10 minutes after 5 "Invalid" attempts for valid user.
|
||||
# So make sure, not to attempt more than 4 password for same valid user.
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
|
|
|
@ -4,6 +4,8 @@ info:
|
|||
name: Detect Gitlab
|
||||
author: ehsahil
|
||||
severity: info
|
||||
metadata:
|
||||
shodan-query: http.title:"GitLab"
|
||||
tags: panel,gitlab
|
||||
|
||||
requests:
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
name: GitLab - User Information Disclosure Via Open API
|
||||
severity: medium
|
||||
reference: https://gitlab.com/gitlab-org/gitlab-foss/-/issues/40158
|
||||
metadata:
|
||||
shodan-query: http.title:"GitLab"
|
||||
tags: gitlab,enum,misconfig,disclosure
|
||||
|
||||
requests:
|
||||
|
|
|
@ -8,6 +8,8 @@ info:
|
|||
reference:
|
||||
- https://twitter.com/ldionmarcil/status/1370052344562470922
|
||||
- https://github.com/ldionmarcil/gitlab-unauth-parser
|
||||
metadata:
|
||||
shodan-query: http.title:"GitLab"
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,8 @@ info:
|
|||
name: GitLab public signup
|
||||
author: pdteam
|
||||
severity: info
|
||||
metadata:
|
||||
shodan-query: http.title:"GitLab"
|
||||
tags: gitlab,misconfig
|
||||
|
||||
requests:
|
||||
|
|
|
@ -4,10 +4,12 @@ info:
|
|||
name: GitLab public snippets
|
||||
author: pdteam
|
||||
severity: info
|
||||
tags: gitlab,exposure,misconfig
|
||||
metadata:
|
||||
shodan-query: http.title:"GitLab"
|
||||
reference:
|
||||
- https://gist.github.com/vysecurity/20311c29d879e0aba9dcffbe72a88b10
|
||||
- https://twitter.com/intigriti/status/1375078783338876929
|
||||
tags: gitlab,exposure,misconfig
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -5,6 +5,8 @@ info:
|
|||
name: GitLab - User Enumeration
|
||||
severity: info
|
||||
reference: https://github.com/danielmiessler/SecLists/blob/master/Usernames/Names/malenames-usa-top1000.txt
|
||||
metadata:
|
||||
shodan-query: http.title:"GitLab"
|
||||
tags: gitlab,enum,misconfig,fuzz
|
||||
|
||||
requests:
|
||||
|
|
|
@ -9,6 +9,8 @@ info:
|
|||
- https://security.humanativaspa.it/gitlab-ce-cve-2021-22205-in-the-wild/
|
||||
- https://hackerone.com/reports/1154542
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-22205
|
||||
metadata:
|
||||
shodan-query: http.title:"GitLab"
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 9.90
|
||||
|
|
Loading…
Reference in New Issue