From 95dd646e7acdfa4e746790f2c8c237d25deee278 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Thu, 1 Aug 2024 03:43:12 +0530
Subject: [PATCH 1/4] Create gitlab-ci-yml.yaml
---
 http/exposures/files/gitlab-ci-yml.yaml | 42 +++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 http/exposures/files/gitlab-ci-yml.yaml

diff --git a/http/exposures/files/gitlab-ci-yml.yaml b/http/exposures/files/gitlab-ci-yml.yaml
new file mode 100644
index 0000000000..51b8bc69c8
--- /dev/null
+++ b/http/exposures/files/gitlab-ci-yml.yaml
@@ -0,0 +1,42 @@
+id: gitlab-ci-yml
+
+info:
+ name: GitLab CI YAML - Exposure
+ author: DhiyaneshDK
+ severity: medium
+ description: |
+ The gitlab-ci.yml file, used for configuring CI/CD pipelines in GitLab, has been found exposed. This file contains crucial details about the build, test, and deployment processes, and may include sensitive information such as API keys, tokens, environment variables, and other credentials.
+ impact: |
+ Unauthorized access to this file can lead to severe security risks and operational disruptions.
+ reference:
+ - https://x.com/RootMoksha/status/1816571625388818923/photo/1
+ metadata:
+ verified: true
+ max-request: 2
+ shodan-query: html:"gitlab-ci.yml"
+ tags: exposure,config,cicd,gitlab
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/.gitlab-ci.yml"
+ - "{{BaseURL}}/gitlab-ci.yml"
+
+ stop-at-first-match: true
+
+ matchers-condition: or
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "variables:"
+ - "before_script:"
+ condition: and
+
+ - type: word
+ part: body
+ words:
+ - "stage: build"
+ - "script:"
+ - "image:"
+ condition: and

From 61605661857c586e26dd1ad65ed40d001d360dbd Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Thu, 1 Aug 2024 10:59:59 +0530
Subject: [PATCH 2/4] fix -error
---
 http/exposures/files/gitlab-ci-yml.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
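Review bot: None of the word matchers in the new template (PATCH 1/4) checks the response status or rules out HTML, so a documentation page, blog post or catch-all route that returns example CI YAML is reported as a medium-severity exposure; the second matcher's `script:` and `image:` are especially generic. Because `matchers-condition: or` is in force, a separate `status` matcher would match every 200 response, so the guard has to sit inside each alternative, for example a `dsl` matcher such as `status_code == 200 && contains_all(body, "variables:", "before_script:") && !contains(tolower(body), "<html")`. The matcher added in PATCH 3/4 and the path added in PATCH 4/4 have the same gap. The description's statement about credentials is not something these keywords establish, so a short comment above `matchers:` saying that a hit still needs manual triage for real secrets would help whoever consumes the findings.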
diff --git a/http/exposures/files/gitlab-ci-yml.yaml b/http/exposures/files/gitlab-ci-yml.yaml
index 51b8bc69c8..d7538d5890 100644
--- a/http/exposures/files/gitlab-ci-yml.yaml
+++ b/http/exposures/files/gitlab-ci-yml.yaml
@@ -21,7 +21,7 @@ http:
 path:
 - "{{BaseURL}}/.gitlab-ci.yml"
 - "{{BaseURL}}/gitlab-ci.yml"
-
+
 stop-at-first-match: true
 
 matchers-condition: or

From 1e9e72036a6ca6a2adcc8c40f40a19b07e0df4b2 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Thu, 1 Aug 2024 11:07:13 +0530
Subject: [PATCH 3/4] additional matcher
---
 http/exposures/files/gitlab-ci-yml.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/http/exposures/files/gitlab-ci-yml.yaml b/http/exposures/files/gitlab-ci-yml.yaml
index d7538d5890..2980bd9670 100644
--- a/http/exposures/files/gitlab-ci-yml.yaml
+++ b/http/exposures/files/gitlab-ci-yml.yaml
@@ -40,3 +40,11 @@ http:
 - "script:"
 - "image:"
 condition: and
+
+ - type: word
+ part: body
+ words:
+ - "variables:"
+ - "releasePath:"
+ - "sshUser:"
+ condition: and

From 9efe1f1530471df6c4e5e75a8acf3fff1c23d401 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Thu, 1 Aug 2024 11:11:38 +0530
Subject: [PATCH 4/4] add additional path
---
 http/exposures/files/gitlab-ci-yml.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/http/exposures/files/gitlab-ci-yml.yaml b/http/exposures/files/gitlab-ci-yml.yaml
index 2980bd9670..de43fabef8 100644
--- a/http/exposures/files/gitlab-ci-yml.yaml
+++ b/http/exposures/files/gitlab-ci-yml.yaml
@@ -21,6 +21,7 @@ http:
 path:
 - "{{BaseURL}}/.gitlab-ci.yml"
 - "{{BaseURL}}/gitlab-ci.yml"
+ - "{{BaseURL}}/.gitlab-ci/variables.yml"
 
 stop-at-first-match: true
 
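Review bot: The third path added in PATCH 4/4 leaves `max-request: 2` from PATCH 1/4 unchanged, so the template's declared request count understates what it sends; even with `stop-at-first-match: true`, a host that matches nothing now receives three requests. The metadata line should read `max-request: 3`. The `info` block lies outside this hunk, which covers only the `path` list, and no patch in the series touches that line.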