Last Updated on 05/03/2022 by Nidhi Khandelwal
Researchers have revealed details of a now-patched security flaw in GitLab, an open-source DevOps platform, that may allow a remote, unauthenticated attacker to recover user-related data.
The medium-severity issue, tracked as CVE-2021-4191 (CVSS score: 5.3), affects all versions of GitLab Community Edition and Enterprise Edition starting with 13.0, as well as all versions starting with 14.4 and prior to 14.8.
Jake Baines, a senior security researcher at Rapid7, is credited with discovering and disclosing the problem. GitLab shipped the fix in security releases 14.8.2, 14.7.4, and 14.6.5 on February 25, 2022, following responsible disclosure on November 18, 2021.
In a report published Thursday, Baines stated, “The vulnerability is the result of a missing authentication check while executing specific GitLab GraphQL API queries.” “This vulnerability allows an unauthenticated attacker to gather registered GitLab usernames, names, and email addresses from a remote location.”
If the API information leak is successfully exploited, hostile actors may be able to enumerate and assemble lists of valid usernames belonging to a target, which can then serve as a stepping stone for brute-force attacks such as password guessing, password spraying, and credential stuffing.
“The information leak might also allow an attacker to construct a new username wordlist based on GitLab installs — not only from gitlab.com, but from the other 50,000 GitLab instances accessible through the internet,” Baines said.
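For defenders who cannot upgrade immediately, the practical question is whether an instance is already being swept for usernames. The following added example (not part of the article and not GitLab's own code) shows the detection logic a SOC analyst might run over API access logs: it flags source addresses that issue repeated unauthenticated GraphQL queries against the user object. The log format, field names (`path`, `remote_ip`, `username`, `query`), the sample lines and the threshold are all constructed for this example; real GitLab API logs are shaped differently and the field mapping must be adapted before use.

```python
"""Hypothetical detector for unauthenticated GraphQL user-enumeration bursts.

Added example, not GitLab code. The log format below is constructed for the
example: one JSON object per line with the fields path, method, remote_ip,
username (null when the request carried no session or token), status, and the
GraphQL query text. Real GitLab API logs use different field names; map them
before running this against production data.
"""
import json
import re
from collections import defaultdict

# Query text that selects the user object (with or without arguments). Served
# without authentication, this is the shape of the leak described above.
USER_FIELD_RE = re.compile(r"\b(users|user)\s*(\(|\{)", re.IGNORECASE)

# Constructed sample log lines (not captured from a real instance).
SAMPLE_LOG = r"""
{"method":"POST","path":"/api/graphql","remote_ip":"198.51.100.7","username":null,"status":200,"query":"{ users(first: 100) { nodes { username name publicEmail } } }"}
{"method":"POST","path":"/api/graphql","remote_ip":"198.51.100.7","username":null,"status":200,"query":"{ users(first: 100, after: \"abc\") { nodes { username publicEmail } } }"}
{"method":"POST","path":"/api/graphql","remote_ip":"198.51.100.7","username":null,"status":200,"query":"{ users(first: 100, after: \"def\") { nodes { username publicEmail } } }"}
{"method":"POST","path":"/api/graphql","remote_ip":"203.0.113.9","username":"alice","status":200,"query":"{ currentUser { username } }"}
{"method":"POST","path":"/api/graphql","remote_ip":"203.0.113.9","username":null,"status":200,"query":"{ metadata { version } }"}
{"method":"GET","path":"/api/v4/projects","remote_ip":"203.0.113.9","username":"alice","status":200,"query":null}
""".strip()


def parse_log(text):
    """Parse one JSON record per line, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            # Truncated or non-JSON lines are ignored rather than aborting the scan.
            continue
    return records


def is_unauthenticated_user_query(rec):
    """True when a GraphQL request had no authenticated user and selected users."""
    return (
        rec.get("path") == "/api/graphql"
        and rec.get("username") is None
        and isinstance(rec.get("query"), str)
        and USER_FIELD_RE.search(rec["query"]) is not None
    )


def find_enumeration_sources(records, threshold=3):
    """Return {remote_ip: count} for sources at or above the request threshold.

    A single anonymous query against the user object can be benign (public
    profile lookups exist); repeated paginated queries from one address are
    the enumeration pattern worth alerting on.
    """
    counts = defaultdict(int)
    for rec in records:
        if is_unauthenticated_user_query(rec):
            counts[rec.get("remote_ip", "unknown")] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    suspects = find_enumeration_sources(parse_log(SAMPLE_LOG))
    for ip, n in sorted(suspects.items()):
        print(f"ALERT: {n} unauthenticated user-object GraphQL queries from {ip}")
```

On the constructed sample, only 198.51.100.7 is reported (three paginated anonymous queries); the authenticated `currentUser` lookup and the anonymous `metadata` query are ignored. An alert from this rule is a signal to confirm the instance is on 14.8.2, 14.7.4 or 14.6.5 or later, since the patched releases close the leak that makes the enumeration possible in the first place.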