Maintainer can leak sentry token by changing the configured URL (fix bypass)
Medium
GitLab
Team Summary
Official summary from GitLab
A malicious Maintainer can, under specific circumstances, leak the Sentry token by changing the configured URL in the Sentry error tracking settings page. This was the result of an incomplete fix for CVE-2022-4365.
Reported by
70rpedo
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Information Disclosure