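A user enumeration vulnerability is a security flaw in which an attacker can guess or verify the existence of user accounts through specific request patterns. It lets the attacker obtain information about user accounts on the target system, which facilitates further attacks (such as password guessing). 2. The GitLab user enumeration vulnerability in detail In GitLab, a user enumeration vulnerability may manifest as an attacker being able, through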
CVE-2021-4191 - GitLab User Enumeration GitLab is a widely-used web-based DevOps lifecycle tool that offers a Git-repository manager with integrated features for continuous integration, issue tracking, code reviews, and more. The GraphQL API is a powerful interface that enables users to interac...
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.0 and all versions starting from 14.4 before 14.8. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration by unauthenticated users through the GraphQL API. This is a medium sever...
User enumeration on private instances An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with publi...
Umbraco Makes User Enumeration Feasible Based on Timing of Login Response Based on an analysis of the timing of post login API responses, it's possible to determine whether an account exists. golang › github.com/nrkno/terraform-provider-windns › CVE-2025-46735 Terraform WinDNS Provider im...
SAST vulnerabilities are named according to the primary Common Weakness Enumeration (CWE) identifier for the discovered vulnerability. Read the description of each vulnerability finding to learn more about the specific issue that the scanner has detected. For more information on SAST coverage, see SAST...
Common Weakness Enumeration (CWE™) is a community-developed list of common software and hardware weakness types that have security ramifications. Weaknesses are flaws, faults, bugs, vulnerabilities, or other errors in software or hardware implementation, code, design, or architecture. If left unaddr...
user.issues.open.update_all(due_date: 7.days.from_now) # (1) user.issues.update_all('relative_position = relative_position + 1') # (2) If you cannot express the update as either a static value (1) or as a calculation (2), use UPDATE FROM to express the need to update multiple...
P.S.: The principal repository for this guide is here at Gitlab.com and it is also rendered better here (e.g. its formatting, especially enumerations across paragraphs) than at TJC (except for the uncommon TOC markup and how the line spacings in this footer and TOC are rendered without...