{"id":13844059,"url":"https://github.com/kh4sh3i/Gitlab-CVE","last_synced_at":"2025-07-11T21:32:48.725Z","repository":{"id":109663851,"uuid":"475271907","full_name":"kh4sh3i/Gitlab-CVE","owner":"kh4sh3i","description":"a Curated list of gitlab vulnerability","archived":false,"fork":false,"pushed_at":"2022-03-30T07:24:17.000Z","size":7,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-08-05T17:40:45.863Z","etag":null,"topics":["api","cve","git","gitlab","gitlab-api","gitlab-ce","gitlab-migrated","graphql","pentesting","userenumeration"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc0-1.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kh4sh3i.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2022-03-29T03:52:15.000Z","updated_at":"2022-09-27T22:12:05.000Z","dependencies_parsed_at":"2023-07-29T11:30:11.876Z","dependency_job_id":null,"html_url":"https://github.com/kh4sh3i/Gitlab-CVE","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kh4sh3i%2FGitlab-CVE","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kh4sh3i%2FGitlab-CVE/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kh4sh3i%2FGitlab-CVE/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kh4sh3i%2FGitlab-CVE/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kh4sh3i","download_url":"https://codeload.github.com/kh4sh3i/Gitlab-CVE/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225763232,"owners_count":17520424,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","cve","git","gitlab","gitlab-api","gitlab-ce","gitlab-migrated","graphql","pentesting","userenumeration"],"created_at":"2024-08-04T17:02:33.761Z","updated_at":"2024-11-21T16:30:29.228Z","avatar_url":"https://github.com/kh4sh3i.png","language":null,"funding_links":[],"categories":["Others"],"sub_categories":[],"readme":"# Gitlab-CVE\na Curated list of gitlab vulnerability\n\n\n\n## CVE-2021-22205 [critical]\nAn issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.\n\n```\nhttps://target.com/users/sign_in\n```\n\n## CVE-2021-22214 [high]\nThe remote GitLab install contains a Server-side request forgery (SSRF) vulnerability as a result of the internal network for webhooks being enabled. A remote, unauthenticated attacker can exploit a registration-limited GitLab instance causing it to make HTTP requests to an arbitrary domain of the attacker's choosing.\n\n```\nhttp://target.com/api/v4/ci/lint?include_merged_yaml=true\n```\n\n\n## gitlab weak login [high]\nsometiem we can login to gitlab with default username \u0026 password like\n```\n[username=root,password=123456789]\n```\n\n## gitlab api user enum [medium]\nwe can enum user from unprotected api call\n```\nhttp://target.com/api/v4/users/1\n```\n\n## CVE-2021-4191 [medium]\nPrivate GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API.\n```\nhttp://target.com/api/graphql [root,support-bot,alert-bot]\n```\n\n\n## CVE-2020-26413 [medium]\nInformation disclosure via GraphQL results in user email being unexpectedly visible.\n```\nhttp://target.com/api/graphql [test@gmail.com]\n```\n\n\n## reference\n* [GitLab-SSRF-CVE-2021-22214](https://github.com/kh4sh3i/GitLab-SSRF-CVE-2021-22214)\n* [CVE-2021-22205](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22205)\n* [CVE-2021-4191](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4191)\n* [CVE-2020-26413](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26413)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkh4sh3i%2FGitlab-CVE","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkh4sh3i%2FGitlab-CVE","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkh4sh3i%2FGitlab-CVE/lists"}