GitLab

Ben Campbell
20 Mar 2015

GitLab User Enumeration

A user enumeration vulnerability was discovered in GitLab versions 5.0.0 to 7.5.0 that allows anonymous discovery of usernames through an unauthenticated internal API. The vulnerability enables attackers to potentially exploit source code repositories by enumerating valid usernames and targeting authentication systems. Metasploit modules were developed to demonstrate and exploit this security issue.