H3-2022-0078
Unauthenticated GitLab User Enumeration
| Field | Value |
|---|---|
| Category | SECURITY_MISCONFIGURATION |
| Base Score | 5.0 |
Description
The GitLab application allows unauthenticated user enumeration because of a misconfiguration in its public access settings. GitLab is a web-based DevOps lifecycle tool that provides a Git repository manager together with wiki, issue-tracking, and CI/CD pipeline features. An attacker can exploit this misconfiguration by requesting certain endpoints that return a list of users, and other potentially sensitive information, without any authentication.
Impact
Exploiting this misconfiguration enables an attacker to compile a list of valid usernames, which facilitates further attacks such as targeted phishing or credential brute-forcing.