WRITEUP #2926

CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED)

API, Username enumeration, GraphQL
by @junior_baines (Jacob Baines)
Program: GitLab
Published: Mar 3, 2022
Added to HackDex: Sep 15, 2022
Read Full Writeup: https://www.rapid7.com/blog/post/2022/03/03/cve-2021-4191-gitlab-graphql-api-user-enumeration-fixed/
RELATED WRITEUPS
Authorization bypass due to cache misconfiguration
API, Authorization bypass
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
API, GraphQL
Exploiting Broken Authentication Control In GraphQL
Cloud, GraphQL