Skip to content
Nuclei Templates

GitLab CI YAML - Exposure

ID: gitlab-ci-yml

Severity: medium

Author: DhiyaneshDK

Tags: exposure,config,cicd,gitlab

Description

Section titled “Description”

The gitlab-ci.yml file, used for configuring CI/CD pipelines in GitLab, has been found exposed. This file contains crucial details about the build, test, and deployment processes, and may include sensitive information such as API keys, tokens, environment variables, and other credentials.

YAML Source

Section titled “YAML Source”
id: gitlab-ci-yml


info:
  name: GitLab CI YAML - Exposure
  author: DhiyaneshDK
  severity: medium
  description: |
    The gitlab-ci.yml file, used for configuring CI/CD pipelines in GitLab, has been found exposed. This file contains crucial details about the build, test, and deployment processes, and may include sensitive information such as API keys, tokens, environment variables, and other credentials.
  impact: |
    Unauthorized access to this file can lead to severe security risks and operational disruptions.
  reference:
    - https://x.com/RootMoksha/status/1816571625388818923/photo/1
  classification:
    cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: gitlab
    product: gitlab
    shodan-query: html:"gitlab-ci.yml"
  tags: exposure,config,cicd,gitlab


http:
  - method: GET
    path:
      - "{{BaseURL}}/.gitlab-ci.yml"
      - "{{BaseURL}}/gitlab-ci.yml"
      - "{{BaseURL}}/.gitlab-ci/variables.yml"


    stop-at-first-match: true


    matchers-condition: or
    matchers:
      - type: word
        part: body
        words:
          - "variables:"
          - "before_script:"
        condition: and


      - type: word
        part: body
        words:
          - "stage: build"
          - "script:"
          - "image:"
        condition: and


      - type: word
        part: body
        words:
          - "variables:"
          - "releasePath:"
          - "sshUser:"
        condition: and
# digest: 4a0a0047304502207bb415e8e0c277fced58d02416f7ae9f8098907be3930bffdeb1bcc0d81a29bc022100f2b9b887518cb701768f2187cf299fd1db1c6c987c076724a4ac6347231eb198:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/exposures/files/gitlab-ci-yml.yaml"

View on Github