id: gitlab-api-user-enum info: name: GitLab - User Information Disclosure Via Open API author: Suman_Kar severity: medium reference: - https://gitlab.com/gitlab-org/gitlab-foss/-/issues/40158 metadata: max-request: 100 shodan-query: http.title:"GitLab" tags: gitlab,enum,misconfig,disclosure http: - raw: - | GET /api/v4/users/{{uid}} HTTP/1.1 Host: {{Hostname}} Accept: application/json, text/plain, */* Referer: {{BaseURL}} payloads: uid: helpers/wordlists/numbers.txt stop-at-first-match: true matchers-condition: and matchers: - type: regex part: body condition: and regex: - "username.*" - "id.*" - "name.*" - type: word part: header words: - "application/json" - type: status status: - 200