GitLab - HackerOne Reports
Total Reports: 248
Critical: 33
High: 71
Medium: 86
Low: 41

Arbitrary file read during project import
  Reported by: saltyyolk
  Disclosed:
  Severity: Critical
  Weakness: Path Traversal
  Bounty: $16000.00

ReDoS in net/http affects webhooks: Sidekiq job stuck at 100% CPU for a year
  Reported by: afewgoats
  Disclosed:
  Severity: Medium
  Weakness: Uncontrolled Resource Consumption

[Subgroups] Unprivileged User Can Disclose Private Group Names
  Reported by: ysx
  Disclosed:
  Severity: Medium
  Weakness: Insecure Direct Object Reference (IDOR)

[Repository Import] Open Redirect via "continue[to]" parameter
  Reported by: ysx
  Disclosed:
  Severity: Medium
  Weakness: Open Redirect

SSRF vulnerability in gitlab.com via project import.
  Reported by: edoverflow
  Disclosed:
  Severity: Medium
  Weakness: Server-Side Request Forgery (SSRF)

Mint Oauth2 access token for targeted user
  Reported by: timothyleung
  Disclosed:
  Severity: High
  Weakness: Improper Authentication - Generic

all private tokens are leaked to an unauthenticated attacker
  Reported by: rpearl
  Disclosed:
  Severity: Critical
  Weakness: Privilege Escalation

IDOR Exposes All Machine Learning Models
  Reported by: moblig
  Disclosed:
  Severity: Medium
  Weakness: Insecure Direct Object Reference (IDOR)
  Bounty: $1160.00

Steal private objects of other projects via project import
  Reported by: saltyyolk
  Disclosed:
  Severity: Critical
  Weakness: Insecure Direct Object Reference (IDOR)
  Bounty: $20000.00

Stored XSS in repository file viewer
  Reported by: kannthu
  Disclosed:
  Severity: Medium
  Weakness: Cross-site Scripting (XSS) - Stored
  Bounty: $2000.00

Exposure of a valid Gitlab-Workhorse JWT leading to various bad things
  Reported by: ledz1996
  Disclosed:
  Severity: High
  Weakness: Improper Authentication - Generic

Know whether private project name exists or not within a group using link comments
  Reported by: ashish_r_padelkar
  Disclosed:
  Severity: Low
  Weakness: Information Disclosure

Clipboard DOM-based XSS
  Reported by: vovohelo
  Disclosed:
  Severity: Medium
  Weakness: Cross-site Scripting (XSS) - DOM

IDOR in "external status check" API leaks data about any status check on the instance
  Reported by: joaxcar
  Disclosed:
  Severity: Medium
  Weakness: Insecure Direct Object Reference (IDOR)
  Bounty: $610.00

Persistent XSS in Note objects
  Reported by: saltyyolk
  Disclosed:
  Severity: High
  Weakness: Cross-site Scripting (XSS) - Stored
  Bounty: $4500.00

Stored XSS in blob viewer
  Reported by: yvvdwf
  Disclosed:
  Severity: Medium
  Weakness: Cross-site Scripting (XSS) - Stored

XSS: `v-safe-html` is not safe enough
  Reported by: yvvdwf
  Disclosed:
  Severity: High
  Weakness: Cross-site Scripting (XSS) - Generic

Unauthorized access
  Reported by: mega7
  Disclosed:
  Severity: Medium
  Weakness: Improper Access Control - Generic
  CVEs: CVE-2022-2185

Store-XSS in error message of build-dependencies
  Reported by: yvvdwf
  Disclosed:
  Severity: High
  Weakness: Cross-site Scripting (XSS) - Stored

Access Projects And create projects in gitlab pre production server
  Reported by: uzsunnyz
  Disclosed:
  Severity: Low
  Weakness: Improper Access Control - Generic