Title:GitLab Enterprise Edition和GitLab Community Edition 授权问题漏洞 (CVE-2021-4191) Description:An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API.
Description
An unauthenticated remote attacker can leverage this vulnerability to collect registered GitLab usernames, names, and email addresses.
File Snapshot
id: CVE-2021-4191
info:
name: GitLab GraphQL API User Enumeration
author: zsusac
severity: me
...
Shenlong Bot has cached this for you
Remarks
1. It is advised to access via the original source first.2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →