GitLab - HackerOne Reports
Total Reports: 248 | Critical: 33 | High: 71 | Medium: 86 | Low: 41
Blind SSRF in FogBugz project import
Reported by: mike12 | Disclosed: | Severity: Medium
Weakness: Server-Side Request Forgery (SSRF)
Stored XSS for Grafana dashboard URL
Reported by: xanbanx | Disclosed: | Severity: High
Weakness: Cross-site Scripting (XSS) - Stored
Ability To Delete User(s) Account Without User Interaction
Reported by: hx01 | Disclosed: | Severity: High
Weakness: Misconfiguration
[RDoc] XSS in project README files
Reported by: ysx | Disclosed: | Severity: Medium
Weakness: Cross-site Scripting (XSS) - Generic
Stored XSS in main page of a project caused by arbitrary script payload in group "Default initial branch name"
Reported by: joaxcar | Disclosed: | Severity: High
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $3000.00
CSP-bypass XSS in project settings page
Reported by: yvvdwf | Disclosed: | Severity: High
Weakness: Cross-site Scripting (XSS) - Generic
Able to view hackerone reports attachments
Reported by: sateeshn | Disclosed: | Severity: Critical
Weakness: Insecure Storage of Sensitive Information
GFM renderer leaks external issue tracker URL of private project
Reported by: jobert | Disclosed: | Severity: (not listed)
Weakness: Information Disclosure
Sending Arbitrary Requests through Jupyter Notebooks on gitlab.com and Self-Hosted GitLab Instances
Reported by: iwis | Disclosed: | Severity: Medium
Weakness: Command Injection - Generic
GitLab-Runner on Windows `DOCKER_AUTH_CONFIG` container host Command Injection
Reported by: ajxchapman | Disclosed: | Severity: High
Weakness: OS Command Injection
RepositoryPipeline allows importing of local git repos
Reported by: vakzz | Disclosed: | Severity: Medium
Weakness: Improper Access Control - Generic
Bounty: $22300.00
Stored-XSS with CSP-bypass via labels' color
Reported by: yvvdwf | Disclosed: | Severity: High
Weakness: Cross-site Scripting (XSS) - Stored
Importing GitLab project archives can replace uploads of other users
Reported by: ajxchapman | Disclosed: | Severity: High
Weakness: Insecure Direct Object Reference (IDOR)
RCE via unsafe inline Kramdown options when rendering certain Wiki pages
Reported by: vakzz | Disclosed: | Severity: Critical
Weakness: Code Injection
Bounty: $20000.00
Content injection in Jira issue title enabling sending arbitrary POST request as victim
Reported by: joaxcar | Disclosed: | Severity: High
Weakness: Resource Injection
Bounty: $8690.00
Vulnerability in project import leads to arbitrary command execution
Reported by: saltyyolk | Disclosed: | Severity: Critical
Weakness: Command Injection - Generic
Path traversal in Nuget Package Registry
Reported by: saltyyolk | Disclosed: | Severity: High
Weakness: Path Traversal
Bounty: $12000.00
XSS (Persistent) - Selecting role(s) for protected branches
Reported by: phillycheeze | Disclosed: | Severity: High
Weakness: Cross-site Scripting (XSS) - Stored
CVEs: CVE-2018-10379
Persistent XSS - Selecting users as allowed merge request approvers
Reported by: phillycheeze | Disclosed: | Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
CVEs: CVE-2018-10379
Blocked user Git access through CI/CD token
Reported by: logan5 | Disclosed: | Severity: Medium
Weakness: Improper Access Control - Generic
Bounty: $1500.00
Page 1 of 13