Gitlab.com is vulnerable to reverse tabnabbing via AsciiDoc links. (#3)
Medium
GitLab
Reported by
edoverflow
Vulnerability Details
Technical details and impact analysis
Dear GitLab bug bounty team,
# Summary
---
Gitlab.com is vulnerable to reverse tabnabbing in AsciiDoc files.
# Why does this vulnerability exist?
---
In AsciiDoc the following `http://example.com[Reverse Tabnabbing^]` is equivalent to `<a href="http://example.com" target="_blank">Reverse Tabnabbing</a>`.
# How can this be exploited?
---
Same scenario as https://hackerone.com/reports/211065. ;)
Best regards,
Ed
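
A check for the condition this report describes, added here as an example and not part of the original report or of GitLab's code: it scans rendered HTML for links that open with `target="_blank"` but carry neither `rel="noopener"` nor `rel="noreferrer"`. The function name `find_unsafe_links` and the sample markup are assumptions made for illustration.

```python
from html.parser import HTMLParser

# rel tokens that stop the opened page from reaching window.opener
# (noreferrer implies noopener).
SAFE_REL = {"noopener", "noreferrer"}


class BlankTargetAudit(HTMLParser):
    """Collect hrefs of <a>/<area> tags that open a new tab without a safe rel."""

    def __init__(self):
        super().__init__()
        self.unsafe = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "area"):
            return
        # Browsers honour the first occurrence of a duplicated attribute,
        # so a later rel="noopener" must not hide an earlier unsafe rel.
        first = {}
        for name, value in attrs:
            first.setdefault(name, value or "")
        # The _blank keyword is matched case-insensitively.
        if first.get("target", "").strip().lower() != "_blank":
            return
        rel_tokens = set(first.get("rel", "").lower().split())
        if not rel_tokens & SAFE_REL:
            self.unsafe.append(first.get("href", ""))


def find_unsafe_links(rendered_html):
    """Return the hrefs of links exposed to reverse tabnabbing."""
    audit = BlankTargetAudit()
    audit.feed(rendered_html)
    audit.close()
    return audit.unsafe


if __name__ == "__main__":
    # Constructed sample: the markup the report gives for the `^` link
    # syntax, followed by a hardened variant of the same link.
    sample = (
        '<a href="http://example.com" target="_blank">Reverse Tabnabbing</a>'
        '<a href="http://example.com/ok" target="_blank" '
        'rel="noopener noreferrer">Hardened</a>'
    )
    for href in find_unsafe_links(sample):
        print("missing rel=noopener:", href)
```

Run over the output of a markup renderer, this works as a regression test that every link rendered with `target="_blank"` also receives a safe `rel` value.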
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
UI Redressing (Clickjacking)