GitLab - HackerOne Reports
Total Reports: 248 | Critical: 33 | High: 71 | Medium: 86 | Low: 41
New /add_contacts /remove_contacts quick commands susceptible to XSS from Customer Contact firstname/lastname fields
Reported by: cryptopone | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $13950.00
Installing Gitlab runner with Docker-In-Docker allows root access
Reported by: jafarakhondali | Disclosed:
Weakness: Privilege Escalation
Bounty: $100.00
SQL injection in MilestoneFinder order method
Reported by: jobert | Disclosed:
Severity: Critical
Weakness: SQL Injection
Bounty: $2000.00
Privilege escalation of "external user" (with maintainer privilege) to internal access through project token
Reported by: joaxcar | Disclosed:
Severity: Medium
Weakness: Privilege Escalation
Bounty: $1020.00
Information Disclosure - Pvt Gitlab Issue Disclosing Through GitLab Unfiltered YouTube channel.
Reported by: mrrajputhacker2 | Disclosed:
Severity: Low
Weakness: Information Disclosure
Bounty: $100.00
XSS by clicking Jira's link
Reported by: ooooooo_q | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $1130.00
Server Side Request Forgery mitigation bypass
Reported by: mclaren650sspider | Disclosed:
Severity: High
Weakness: Server-Side Request Forgery (SSRF)
Stored XSS in custom emoji
Reported by: ooooooo_q | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $3000.00
Lack of validation before assigning custom domain names leading to abuse of GitLab pages service
Reported by: badshah_ | Disclosed:
Severity: Medium
Weakness: Phishing
DoS attack via comment on Issue
Reported by: 8ayac | Disclosed:
Severity: Low
Weakness: Uncontrolled Resource Consumption
Bounty: $1000.00
Project Template functionality can be used to copy private project data, such as repository, confidential issues, snippets, and merge requests
Reported by: jobert | Disclosed:
Severity: Critical
Weakness: Privilege Escalation
Bounty: $12000.00
[reStructuredText] XSS in project README files
Reported by: ysx | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Generic
[Textile] XSS in project README files
Reported by: ysx | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Generic
Members from parent group keep their access level on a subgroup transfer and are invisible
Reported by: kryword | Disclosed:
Severity: High
Weakness: Improper Access Control - Generic
Stored XSS in markdown when redacting references
Reported by: vakzz | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $5000.00
Path paths and file disclosure vulnerabilities at influxdb.quality.gitlab.net
Reported by: otoyyy_h1 | Disclosed:
Severity: Low
Weakness: Information Disclosure
SSRF via git Repo by URL Abuse
Reported by: oroborus | Disclosed:
Severity: Medium
Weakness: Server-Side Request Forgery (SSRF)
Snippet JS template allows attacker to read a user's private snippets
Reported by: jobert | Disclosed:
Severity: Low
Weakness: Information Disclosure
Bounty: $300.00
FogBugz import attachment full SSRF requiring vulnerability in *.fogbugz.com
Reported by: ajxchapman | Disclosed:
Severity: High
Weakness: Server-Side Request Forgery (SSRF)
Stored DOM XSS via Mermaid chart
Reported by: taraszelyk | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $3000.00