GraphQL - API Security Blog

RST Threat feed. IOC: internal-graphql-stable-web-jer5f6d-n-933384777.us-east-1.elb.cryptohosting.eu

Found **internal-graphql-stable-web-jer5f6d-n-933384777[.]us-eas...Read More ...

30 мая, 2022

RST Threat feed. IOC: graphql-server-ecs-chat-497780143.us-west-2.elb.cryptohosting.eu

Found **graphql-server-ecs-chat-497780143[.]us-west-2.elb.crypto...Read More ...

30 мая, 2022

RST Threat feed. IOC: graphql.magical.coffee

Found **graphql[.]magical.coffee** in [RST Threat Feed](https:/...Read More ...

30 мая, 2022

GitLab GraphQL API User Enumeration

This module queries the GitLab GraphQL API without authentication to acquire the list of GitLab users (CVE-2021-4191). The module works on all GitLab versions from 13.0 up to 14.8.2, 14.7.4, and 14.6. ...

30 мая, 2022

Analyzing the Attack Landscape: Rapid7s 2021 Vulnerability Intelligence Report

![Analyzing the Attack Landscape: Rapid7s 2021 Vulnerability Intelligence Report](https://blog.rapid7.com/content/images/2022/03/vuln-intel-report.jpg) Every year, our research team at Rapid7 analyz ...

30 мая, 2022

GitLab 13.x < 14.6.5 / 14.7.x < 14.7.4 / 14.8.x < 14.8.2 User Enumeration

An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumerat ...

30 мая, 2022

Metasploit Weekly Wrap-Up

## CVE-2022-21999 - SpoolFool ![Metasploit Weekly Wrap-Up](https://blog.rapid7.com/content/images/2022/03/metasploit-ascii-1-2.png) Our very own [Shelby Pace]() has added a new module for the [CVE-202 ...

30 мая, 2022

GitLab 13.x < 14.6.5 / 14.7.4 / 14.8.2 Information Disclosure

According to its self-reported version, the instance of GitLab running on the remote web server is 13.x prior to 14.6.5, 14.7.x prior to 14.7.4, or 14.8.x prior to 14.8.2. It is, therefore, affected b ...

30 мая, 2022