GitLab metadata update

patch-1
sandeep 2022-03-02 13:05:29 +05:30
parent f5cf88c2e8
commit 6d32b81b2a
12 changed files with 25 additions and 6 deletions

View File

@ -9,6 +9,8 @@ info:
- https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1683
- http://www.openwall.com/lists/oss-security/2020/01/15/1
- http://packetstormsecurity.com/files/155967/Jenkins-Gitlab-Hook-1.4.2-Cross-Site-Scripting.html
metadata:
shodan-query: http.title:"GitLab"
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10

View File

@ -9,12 +9,14 @@ info:
- https://gitlab.com/gitlab-org/gitlab/-/issues/244275
- https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26413.json
- https://nvd.nist.gov/vuln/detail/CVE-2020-26413
tags: cve,cve2020,gitlab,exposure,enum,graphql
metadata:
shodan-query: http.title:"GitLab"
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.30
cve-id: CVE-2020-26413
cwe-id: CWE-200
tags: cve,cve2020,gitlab,exposure,enum,graphql
requests:
- raw:

View File

@ -13,6 +13,8 @@ info:
- https://security.humanativaspa.it/gitlab-ce-cve-2021-22205-in-the-wild/
- https://hackerone.com/reports/1154542
- https://nvd.nist.gov/vuln/detail/CVE-2021-22205
metadata:
shodan-query: http.title:"GitLab"
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
cvss-score: 9.90

View File

@ -9,12 +9,14 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2021-22214
- https://vin01.github.io/piptagole/gitlab/ssrf/security/2021/06/15/gitlab-ssrf.html
- https://docs.gitlab.com/ee/api/lint.html
tags: cve,cve2021,gitlab,ssrf,oast
metadata:
shodan-query: http.title:"GitLab"
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.60
cve-id: CVE-2021-22214
cwe-id: CWE-918
tags: cve,cve2021,gitlab,ssrf,oast
requests:
- raw:

View File

@ -11,9 +11,6 @@ info:
metadata:
shodan-query: http.title:"GitLab"
# Gitlab blocks for 10 minutes after 5 "Invalid" attempts for valid user.
# So make sure, not to attempt more than 4 password for same valid user.
requests:
- raw:
- |

View File

@ -4,6 +4,8 @@ info:
name: Detect Gitlab
author: ehsahil
severity: info
metadata:
shodan-query: http.title:"GitLab"
tags: panel,gitlab
requests:

View File

@ -5,6 +5,8 @@ info:
name: GitLab - User Information Disclosure Via Open API
severity: medium
reference: https://gitlab.com/gitlab-org/gitlab-foss/-/issues/40158
metadata:
shodan-query: http.title:"GitLab"
tags: gitlab,enum,misconfig,disclosure
requests:

View File

@ -8,6 +8,8 @@ info:
reference:
- https://twitter.com/ldionmarcil/status/1370052344562470922
- https://github.com/ldionmarcil/gitlab-unauth-parser
metadata:
shodan-query: http.title:"GitLab"
requests:
- method: GET

View File

@ -4,6 +4,8 @@ info:
name: GitLab public signup
author: pdteam
severity: info
metadata:
shodan-query: http.title:"GitLab"
tags: gitlab,misconfig
requests:

View File

@ -4,10 +4,12 @@ info:
name: GitLab public snippets
author: pdteam
severity: info
tags: gitlab,exposure,misconfig
metadata:
shodan-query: http.title:"GitLab"
reference:
- https://gist.github.com/vysecurity/20311c29d879e0aba9dcffbe72a88b10
- https://twitter.com/intigriti/status/1375078783338876929
tags: gitlab,exposure,misconfig
requests:
- method: GET

View File

@ -5,6 +5,8 @@ info:
name: GitLab - User Enumeration
severity: info
reference: https://github.com/danielmiessler/SecLists/blob/master/Usernames/Names/malenames-usa-top1000.txt
metadata:
shodan-query: http.title:"GitLab"
tags: gitlab,enum,misconfig,fuzz
requests:

View File

@ -9,6 +9,8 @@ info:
- https://security.humanativaspa.it/gitlab-ce-cve-2021-22205-in-the-wild/
- https://hackerone.com/reports/1154542
- https://nvd.nist.gov/vuln/detail/CVE-2021-22205
metadata:
shodan-query: http.title:"GitLab"
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
cvss-score: 9.90