This Metasploit module queries the GitLab GraphQL API without authentication to acquire the list of GitLab users (CVE-2021-4191). The module works on all GitLab versions from 13.0 up to 14.8.2, 14.7.4, and 14.6.5.
37361393f26eabdc1c128ac8137d1d761bdfdcc8e7201453e7e793df6a7c3a27