Enhancement: cves/2021/CVE-2021-4191.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-03-07 14:12:26 -05:00
parent aac30ad6ef
commit 81868f926d
1 changed files with 4 additions and 1 deletions


@ -4,10 +4,11 @@ info:
name: GitLab GraphQL API User Enumeration name: GitLab GraphQL API User Enumeration
author: zsusac author: zsusac
severity: medium severity: medium
description: A remote, unauthenticated attacker can use this vulnerability to collect registered GitLab usernames, names, and email addresses. description: An unauthenticated remote attacker can leverage this vulnerability to collect registered GitLab usernames, names, and email addresses.
reference: reference:
- https://www.rapid7.com/blog/post/2022/03/03/cve-2021-4191-gitlab-graphql-api-user-enumeration-fixed/ - https://www.rapid7.com/blog/post/2022/03/03/cve-2021-4191-gitlab-graphql-api-user-enumeration-fixed/
- https://thehackernews.com/2022/03/new-security-vulnerability-affects.html - https://thehackernews.com/2022/03/new-security-vulnerability-affects.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-4191
classification: classification:
cvss-metrics: CVSS:5.3/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-metrics: CVSS:5.3/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3 cvss-score: 5.3
@ -47,3 +48,5 @@ requests:
- type: json - type: json
json: json:
- '.data.users.nodes[].username' - '.data.users.nodes[].username'
# Enhanced by mp on 2022/03/07
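Review bot: The `cvss-metrics` line carried as context in the first hunk begins with `CVSS:5.3/`, which is the score rather than the CVSS version, so tools that expect the standard vector prefix will not parse it. Since this commit already touches the metadata, it should read `cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N`, with the version confirmed against NVD or the vendor advisory. The newly added reference uses `name=2021-4191`, whereas the canonical identifier form is `name=CVE-2021-4191`, so it is worth checking that the short form resolves. The trailing `# Enhanced by mp on 2022/03/07` comment in the second hunk repeats what the commit history already records and could be dropped.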