GitLab - HackerOne Reports
Total Reports: 248 | Critical: 33 | High: 71 | Medium: 86 | Low: 41
GraphQL query "namespace" leaks data
Reported by: rpadovani | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic

Maintainer can leak sentry token by changing the configured URL (fix bypass)
Reported by: 70rpedo | Disclosed: | Severity: Medium | Weakness: Information Disclosure

Local files could be overwritten in GitLab, leading to remote command execution
Reported by: saltyyolk | Disclosed: | Severity: Critical | Weakness: Command Injection - Generic | Bounty: $12000.00

Stored XSS via Kroki diagram
Reported by: vakzz | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Stored | Bounty: $13950.00

Bypass for Domain-level redirects (Unvalidated Redirects and Forwar)
Reported by: thypon | Disclosed: | Severity: Medium | Weakness: Open Redirect

Bypass Email Verification -- Able to Access Internal Gitlab Services that use Login with Gitlab and Perform Check on email domain
Reported by: ngalog | Disclosed: | Severity: Medium | Weakness: Reliance on Untrusted Inputs in a Security Decision

All functions that allow users to specify color code are vulnerable to ReDoS
Reported by: 8ayac | Disclosed: | Severity: Low | Weakness: Uncontrolled Resource Consumption | Bounty: $1000.00

Privilege escalation from any user (including external) to gitlab admin when admin impersonates you
Reported by: skavans | Disclosed: | Severity: Critical | Weakness: Privilege Escalation

Inadequate cache control in gitter allows to view private chat room
Reported by: dhakal_ananda | Disclosed: | Weakness: Improper Authentication - Generic

Last pipeline status for MR leaked
Reported by: xanbanx | Disclosed: | Severity: Low | Weakness: Improper Authentication - Generic

Insecure 2FA/authentication implementation creates a brute force vulnerability
Reported by: yaworsk | Disclosed: | Weakness: Violation of Secure Design Principles

SSRF in CI after first run
Reported by: plazmaz | Disclosed: | Severity: Medium | Weakness: Server-Side Request Forgery (SSRF)
Dependency Confusion via Lookup Request Forwarding to PyPi.org
Reported by: usd-responsible-disclosure | Disclosed: | Weakness: Misconfiguration
Subdomain takeover in Gitlab pages
Reported by: fdeleite | Disclosed: | Severity: Low | Weakness: Misconfiguration

Gitlab.com is vulnerable to reverse tabnabbing.
Reported by: edoverflow | Disclosed: | Severity: Low | Weakness: Open Redirect

Removing a user from a private group doesn't remove him from group's project, if his project's role was changed
Reported by: rpadovani | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic

Responsible Disclosure of Privacy Leakage Issue
Reported by: mzaheri | Disclosed: | Severity: High | Weakness: Privacy Violation

[Admin Panel] CSRF to resume/pause runner
Reported by: ngalog | Disclosed: | Severity: Low | Weakness: Cross-Site Request Forgery (CSRF)

Unauthenticated blind SSRF in OAuth Jira authorization controller
Reported by: jobert | Disclosed: | Severity: High | Weakness: Server-Side Request Forgery (SSRF) | Bounty: $4000.00

Blocked user Git access through CI/CD token
Reported by: logan5 | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic | Bounty: $1500.00