daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3814 from projectdiscovery/gitlab-meta-update 

GitLab metadata update
patch-1
Sandeep Singh 2022-03-02 21:20:55 +05:30 committed by GitHub
parent d85dfaf76d 6d32b81b2a
commit cf9e3f95c3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 25 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cves/2020/CVE-2020-2096.yaml
View File

@ -9,6 +9,8 @@ info:
- https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1683
- http://www.openwall.com/lists/oss-security/2020/01/15/1
- http://packetstormsecurity.com/files/155967/Jenkins-Gitlab-Hook-1.4.2-Cross-Site-Scripting.html
metadata:
shodan-query: http.title:"GitLab"
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.10

4
cves/2020/CVE-2020-26413.yaml
View File

@ -9,12 +9,14 @@ info:
- https://gitlab.com/gitlab-org/gitlab/-/issues/244275
- https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26413.json
- https://nvd.nist.gov/vuln/detail/CVE-2020-26413
tags: cve,cve2020,gitlab,exposure,enum,graphql
metadata:
shodan-query: http.title:"GitLab"
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.30
cve-id: CVE-2020-26413
cwe-id: CWE-200
tags: cve,cve2020,gitlab,exposure,enum,graphql
requests:
- raw:

2
cves/2021/CVE-2021-22205.yaml
View File

@ -13,6 +13,8 @@ info:
- https://security.humanativaspa.it/gitlab-ce-cve-2021-22205-in-the-wild/
- https://hackerone.com/reports/1154542
- https://nvd.nist.gov/vuln/detail/CVE-2021-22205
metadata:
shodan-query: http.title:"GitLab"
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
cvss-score: 9.90

4
cves/2021/CVE-2021-22214.yaml
View File

@ -9,12 +9,14 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2021-22214
- https://vin01.github.io/piptagole/gitlab/ssrf/security/2021/06/15/gitlab-ssrf.html
- https://docs.gitlab.com/ee/api/lint.html
tags: cve,cve2021,gitlab,ssrf,oast
metadata:
shodan-query: http.title:"GitLab"
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.60
cve-id: CVE-2021-22214
cwe-id: CWE-918
tags: cve,cve2021,gitlab,ssrf,oast
requests:
- raw:

3
default-logins/gitlab/gitlab-weak-login.yaml
View File

@ -11,9 +11,6 @@ info:
metadata:
shodan-query: http.title:"GitLab"
# Gitlab blocks for 10 minutes after 5 "Invalid" attempts for valid user.
# So make sure, not to attempt more than 4 password for same valid user.
requests:
- raw:
- |

2
exposed-panels/gitlab-detect.yaml
View File

@ -4,6 +4,8 @@ info:
name: Detect Gitlab
author: ehsahil
severity: info
metadata:
shodan-query: http.title:"GitLab"
tags: panel,gitlab
requests:

2
misconfiguration/gitlab/gitlab-api-user-enum.yaml
View File

@ -5,6 +5,8 @@ info:
name: GitLab - User Information Disclosure Via Open API
severity: medium
reference: https://gitlab.com/gitlab-org/gitlab-foss/-/issues/40158
metadata:
shodan-query: http.title:"GitLab"
tags: gitlab,enum,misconfig,disclosure
requests:

2
misconfiguration/gitlab/gitlab-public-repos.yaml
View File

@ -8,6 +8,8 @@ info:
reference:
- https://twitter.com/ldionmarcil/status/1370052344562470922
- https://github.com/ldionmarcil/gitlab-unauth-parser
metadata:
shodan-query: http.title:"GitLab"
requests:
- method: GET

2
misconfiguration/gitlab/gitlab-public-signup.yaml
View File

@ -4,6 +4,8 @@ info:
name: GitLab public signup
author: pdteam
severity: info
metadata:
shodan-query: http.title:"GitLab"
tags: gitlab,misconfig
requests:

4
misconfiguration/gitlab/gitlab-public-snippets.yaml
View File

@ -4,10 +4,12 @@ info:
name: GitLab public snippets
author: pdteam
severity: info
tags: gitlab,exposure,misconfig
metadata:
shodan-query: http.title:"GitLab"
reference:
- https://gist.github.com/vysecurity/20311c29d879e0aba9dcffbe72a88b10
- https://twitter.com/intigriti/status/1375078783338876929
tags: gitlab,exposure,misconfig
requests:
- method: GET

2
misconfiguration/gitlab/gitlab-user-enum.yaml
View File

@ -5,6 +5,8 @@ info:
name: GitLab - User Enumeration
severity: info
reference: https://github.com/danielmiessler/SecLists/blob/master/Usernames/Names/malenames-usa-top1000.txt
metadata:
shodan-query: http.title:"GitLab"
tags: gitlab,enum,misconfig,fuzz
requests:

2
vulnerabilities/gitlab/gitlab-rce.yaml
View File

@ -9,6 +9,8 @@ info:
- https://security.humanativaspa.it/gitlab-ce-cve-2021-22205-in-the-wild/
- https://hackerone.com/reports/1154542
- https://nvd.nist.gov/vuln/detail/CVE-2021-22205
metadata:
shodan-query: http.title:"GitLab"
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
cvss-score: 9.90