
Automate GitLab misconfiguration discovery with GraphQL

Introduction
You can easily check your GitLab instance for user enumeration with a great graphql-explorer service.
Best of all, it comes with documentation and IDE suggestions, and it can be accessed on a target host at the following URL:
https://gitlab.<company_domain>/-/graphql-explorer

Pic.1 - GraphQL explorer example

Let's find something interesting

Enumerate users
We will use their IDs later.

    {
      users {
        edges {
          node {
            id
            name
            email
            state
            status {
              emoji
              message
              messageHtml
            }
          }
        }
      }
    }

Get user data

    {
      user(id: "gid://gitlab/User/1") {
        name
        assignedMergeRequests {
          edges {
            node {
              id
            }
          }
        }
        authoredMergeRequests {
          edges {
            node {
              id
            }
          }
        }
        projectMemberships {
          edges {
            node {
              id
            }
          }
        }
        publicEmail
        reviewRequestedMergeRequests {
          edges {
            node {
              id
            }
          }
        }
        snippets {
          edges {
            node {
              id
            }
          }
        }
        webPath
        webUrl
        username
      }
    }

Get snippets

    {
      snippets {
        edges {
          node {
            id
            fileName
            title
            webUrl
            descriptionHtml
            httpUrlToRepo
          }
        }
      }
    }

Get Vulnerabilities

    {
      vulnerabilities {
        edges {
          node {
            id
            scanner {
              externalId
              name
              reportType
              vendor
            }
            description
            project {
              id
              name
            }
            severity
            title
          }
        }
      }
    }
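
From the defender's side, the same queries can be turned into a regression check. The sketch below is an added example (not code from the original post) that sends the page's users, snippets and vulnerabilities queries without credentials to an instance you administer and reports which ones return data. It assumes GitLab's standard `/api/graphql` endpoint; the function names and the `SAMPLE` responses are constructed for illustration.

```python
import json
import urllib.request

# The page's queries, trimmed to the fields that matter for an exposure check.
CHECKS = {
    "users": "{ users { edges { node { id name email state } } } }",
    "snippets": "{ snippets { edges { node { id title webUrl } } } }",
    "vulnerabilities": "{ vulnerabilities { edges { node { id title severity } } } }",
}

def run_query(base_url, query, timeout=10):
    """POST one query to GitLab's GraphQL API (/api/graphql) with no credentials."""
    body = json.dumps({"query": query}).encode()
    req = urllib.request.Request(base_url.rstrip("/") + "/api/graphql", data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def collect(base_url):  # anonymous fetch of every check, for an instance you administer
    return {field: run_query(base_url, q) for field, q in CHECKS.items()}

def classify(field, response):
    """Return (verdict, nodes): 'exposed', 'empty' or 'denied' for one response."""
    payload = (response.get("data") or {}).get(field)
    if payload is None:
        return ("denied" if response.get("errors") else "empty"), []
    nodes = [e["node"] for e in payload.get("edges") or [] if e.get("node")]
    return ("exposed" if nodes else "empty"), nodes

def audit(responses):
    """Summarise what an anonymous caller received for each check."""
    report = {}
    for field in CHECKS:
        verdict, nodes = classify(field, responses.get(field, {}))
        emails = sum(1 for n in nodes if n.get("email"))  # non-null addresses only
        report[field] = {"verdict": verdict, "nodes": len(nodes), "emails": emails}
    return report

# Constructed sample responses (not captured from any real instance).
SAMPLE = {
    "users": {"data": {"users": {"edges": [
        {"node": {"id": "gid://gitlab/User/1", "email": None}},
        {"node": {"id": "gid://gitlab/User/2", "email": "b@example.test"}}]}}},
    "snippets": {"data": {"snippets": {"edges": []}}},
    "vulnerabilities": {"errors": [{"message": "constructed"}], "data": None},
}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

Run `audit(collect("https://gitlab.<company_domain>"))` from a host with no session or token. Any `exposed` verdict means anonymous callers can read that data.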

Summary

Security teams need to keep such data protected and avoid leaks.
Bug hunters... they understand everything from this page :)

But keep in mind that GraphQL is not the root cause; it is just an instrument for getting such information easily.

Thank you for reading until the end.

Your friend in the information security world,
(c) Whitespots team.
