GitLab - HackerOne Reports
Total reports: 248 (Critical: 33, High: 71, Medium: 86, Low: 41)
Injection of `http.<url>.*` git config settings leading to SSRF
  Reported by: vakzz | Disclosed: | Severity: High
  Weakness: Server-Side Request Forgery (SSRF)
  Bounty: $3000.00

A deactivated user can access data through GraphQL
  Reported by: joaxcar | Disclosed: | Severity: Medium
  Weakness: Improper Access Control - Generic
  Bounty: $1370.00

Persistent XSS via e-mail when creating merge requests
  Reported by: mario-areias | Disclosed: | Severity: Low
  Weakness: Cross-site Scripting (XSS) - Generic

Private System Note Disclosure using GraphQL
  Reported by: ngalog | Disclosed: | Severity: Low
  Weakness: Information Disclosure

Bypass: Stored-XSS with CSP-bypass via scoped labels' color
  Reported by: yvvdwf | Disclosed: | Severity: High
  Weakness: Cross-site Scripting (XSS) - Stored

CSRF-Token leak by request forgery
  Reported by: naure | Disclosed: | Severity: Medium
  Weakness: Cross-Site Request Forgery (CSRF)

Cookie bomb
  Reported by: moritz30 | Disclosed: | Severity: Medium
  Weakness: Uncontrolled Resource Consumption

GraphQL Query leads to sensitive information disclosure
  Reported by: chroduath | Disclosed: | Severity: Medium
  Weakness: Privacy Violation

Cross-site Scripting (XSS) - Stored in RDoc wiki pages
  Reported by: vakzz | Disclosed: | Severity: High
  Weakness: UI Redressing (Clickjacking)
  Bounty: $3500.00

"External status checks" can be accepted by users below developer access if the user is either author or assignee of the target merge request
  Reported by: joaxcar | Disclosed: | Severity: Medium
  Weakness: Improper Access Control - Generic
  Bounty: $610.00

Gitlab is vulnerable to impersonation attacks due to broken links
  Reported by: b3nac | Disclosed: | Severity: Low
  Weakness: Violation of Secure Design Principles

Full access to internal Gitlab instances at redash.gitlab.com, dashboards.gitlab.com, prometheus.gitlab.com
  Reported by: rijalrojan | Disclosed: | Severity: Critical
  Weakness: Incorrect Authorization
Arbitrary file read via the UploadsRewriter when moving an issue
  Reported by: vakzz | Disclosed: | Severity: Critical
  Weakness: Path Traversal
  Bounty: $20000.00
Group search leaks private MRs, code, commits
  Reported by: rpadovani | Disclosed: | Severity: High
  Weakness: Improper Access Control - Generic

Path traversal, to RCE
  Reported by: saltyyolk | Disclosed: | Severity: High
  Weakness: Command Injection - Generic
  Bounty: $12000.00

A profile page of a user can be denied from loading by appending .html to the username
  Reported by: maruthi12 | Disclosed: | Severity: Low
  Weakness: Violation of Secure Design Principles
  Bounty: $200.00

Stored XSS on Issue details page
  Reported by: 8ayac | Disclosed: | Severity: High
  Weakness: Cross-site Scripting (XSS) - Stored

RCE via the DecompressedArchiveSizeValidator and Project BulkImports (behind feature flag)
  Reported by: vakzz | Disclosed: | Severity: Critical
  Weakness: Command Injection - Generic
  Bounty: $33510.00

Stealing data from customers.gitlab.com without user interaction
  Reported by: rpadovani | Disclosed: | Severity: High
  Weakness: Insecure Direct Object Reference (IDOR)

Blocked user Git access through CI/CD token
  Reported by: logan5 | Disclosed: | Severity: Medium
  Weakness: Improper Access Control - Generic
  Bounty: $1500.00