KEVIntel
CVSS 5.3 Medium

CVE-2021-4191

PUBLISHED


Exploited in the wild · PoC available · Remote · Low complexity · No user interaction
Vendor: GitLab
Product: GitLab
Published: Mar 28, 2022

Description

An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration by unauthenticated users through the GraphQL API.

nuclei_scanner

CVSS scores

CVSS v3.1 5.3 Medium

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitation status

Exploited in the wild

Recorded 2025-04-28 00:00:00 UTC · Source

Proof of concept available

Recorded 2023-06-05 04:08:45 UTC · Source

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

The Shadowserver (via CIRCL), added Apr 28, 2025

Scanner integrations

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

K3ysTr0K3R/CVE-2021-4191-EXPLOIT

github · Created 2023-07-22 21:06:51 UTC · 5 stars

A PoC exploit for CVE-2021-4191 - GitLab User Enumeration.

Adelittle/CVE-2021-4191_Exploits

github · Created 2023-06-05 04:08:45 UTC · 0 stars

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Detected by Nuclei

  • Added to KEVIntel