GitLab - HackerOne Reports
Total Reports: 248
Critical: 33
High: 71
Medium: 86
Low: 41
Arbitrary POST request as victim user from HTML injection in Jupyter notebooks
Reported by: joaxcar | Disclosed:
Severity: High
Weakness: Resource Injection
Bounty: $8690.00
Ability to bypass email verification for OAuth grants results in accounts takeovers on 3rd parties
Reported by: cache-money | Disclosed:
Severity: High
Weakness: Authentication Bypass Using an Alternate Path or Channel
Bounty: $3000.00
Arbitrary escape sequence injection in docker-machine from worker nodes
Reported by: mehmil | Disclosed:
Severity: Low
Weakness: Command Injection - Generic
Race condition in GitLab import, giving access to other people their imports due to filename collision
Reported by: jobert | Disclosed:
Severity: Low
Weakness: Information Disclosure
Stored XSS on issue comments and other pages which contain notes
Reported by: jarij | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $3000.00
Gitlab.com is vulnerable to reverse tabnabbing via AsciiDoc links. (#3)
Reported by: edoverflow | Disclosed:
Severity: Medium
Weakness: UI Redressing (Clickjacking)
Guest users can change the confidentiality attribute on those issues that have been assigned to them
Reported by: 0xwintermute | Disclosed:
Severity: Low
Weakness: Improper Access Control - Generic
Bounty: $100.00
RCE when removing metadata with ExifTool
Reported by: vakzz | Disclosed:
Severity: Critical
Weakness: Code Injection
Bounty: $20000.00