GitLab - HackerOne Reports
Total Reports: 248
Critical: 33
High: 71
Medium: 86
Low: 41
ReDoS due to device-detector parsing user agents
Reported by: afewgoats | Disclosed: | Severity: Medium | Weakness: Uncontrolled Resource Consumption

No redirect_uri in the db for web-internal clientKey leads to one-click DoS on gitter.im
Reported by: gregxsunday | Disclosed: | Severity: Low | Weakness: Uncontrolled Resource Consumption

Stored XSS in merge request creation page through payload in approval rule name
Reported by: joaxcar | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Stored | Bounty: $3000.00

GitLab::UrlBlocker validation bypass leading to full Server Side Request Forgery
Reported by: ajxchapman | Disclosed: | Severity: High | Weakness: Server-Side Request Forgery (SSRF)

Cache poisoning Denial of Service affecting assets.gitlab-static.net
Reported by: youstin | Disclosed: | Severity: High | Weakness: Uncontrolled Resource Consumption

Insufficient Type Check leading to Developer ability to delete Project, Repository, Group, ...
Reported by: ledz1996 | Disclosed: | Severity: High | Weakness: Type Confusion

XSS in request approvals
Reported by: circuit | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored | Bounty: $3000.00

Login email verification bypass via `/oauth/token`.
Reported by: cybxis | Disclosed: | Weakness: Missing Critical Step in Authentication

gitlab-workhorse bypass in Gitlab::Middleware::Multipart allowing files in `allowed_paths` to be read
Reported by: vakzz | Disclosed: | Severity: Critical | Weakness: Information Disclosure | Bounty: $10000.00

GitLab CI runner can read and poison cache of all other projects
Reported by: jobert | Disclosed: | Severity: Critical | Weakness: Path Traversal | Bounty: $2000.00

Stored XSS via Mermaid Prototype Pollution vulnerability
Reported by: taraszelyk | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Stored | Bounty: $3000.00

Stored XSS in markdown via the DesignReferenceFilter
Reported by: vakzz | Disclosed: | Severity: Critical | Weakness: Cross-site Scripting (XSS) - Stored | Bounty: $16000.00

[Markdown] Stored XSS via character encoding parser bypass
Reported by: ysx | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored

Account Takeover via Password Reset without user interactions
Reported by: asterion04 | Disclosed: | Severity: Critical | Weakness: Improper Access Control - Generic | Bounty: $35000.00

Stored XSS in Notes (with CSP bypass for gitlab.com)
Reported by: joaxcar | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Stored | Bounty: $13950.00

Remove obsolete domain from handbook subdomain
Reported by: tefa_ | Disclosed: | Severity: Low | Weakness: Misconfiguration

Container scanning and Dependency scanning report leaked to unauthorized users
Reported by: xanbanx | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic

Mailgun misconfiguration leads to email snooping and postmaster@-access on email.mg.gitlab.com
Reported by: fransrosen | Disclosed: | Weakness: Privilege Escalation

Use of Ruby Forwardable module and runtime meta-programming may introduce vulnerabilities
Reported by: jobert | Disclosed: | Severity: Medium | Weakness: Information Disclosure

Container escape on public GitLab CI runners
Reported by: ec0 | Disclosed: | Severity: High | Weakness: Improper Access Control - Generic