[Admin Panel] CSRF to resume/pause runner
Low
GitLab
Reported by
ngalog
Vulnerability Details
Technical details and impact analysis
Hi,
Just found a CSRF in the admin panel of a GitLab instance to pause/resume a runner.
## Steps to reproduce
- http://{gitlab_instance}/admin/runners/:runner_id/resume
- http://{gitlab_instance}/admin/runners/:runner_id/pause
Video:
███████
password: `██████████`
## Impact
Just found a CSRF in the admin panel of a GitLab instance to pause/resume a runner.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-Site Request Forgery (CSRF)
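
The following detection sketch is an added example, not part of the original report or of GitLab's code. It scans web access logs for requests to the two endpoints named in the report and flags those that change runner state through a safe HTTP method or arrive with a missing or cross-site Referer. The report does not state the HTTP method, so treating GET/HEAD as a signal is an assumption, as are the hostname `gitlab.example.com`, the combined log format, and the sample log lines, which are constructed.

```python
import re
from urllib.parse import urlsplit

GITLAB_HOST = "gitlab.example.com"  # assumed instance hostname (placeholder)

# Constructed sample access-log lines (combined log format); hosts and IPs are made up.
SAMPLE_LOG = '''\
203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET /admin/runners/7/pause HTTP/1.1" 302 95 "https://blog.example.net/post" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "POST /admin/runners/7/resume HTTP/1.1" 302 95 "https://gitlab.example.com/admin/runners" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2024:10:01:30 +0000] "GET /admin/runners/7/resume HTTP/1.1" 302 95 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2024:10:02:00 +0000] "GET /admin/runners/7 HTTP/1.1" 200 5120 "https://gitlab.example.com/admin/runners" "Mozilla/5.0"
'''

# Request line, status, size, then the quoted Referer field.
LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)
# The two state-changing admin endpoints listed in the report.
ACTION_RE = re.compile(r'^/admin/runners/(?P<id>[^/?]+)/(?P<action>pause|resume)(?:\?|$)')


def suspicious_runner_toggles(log_text, own_host=GITLAB_HOST):
    """Return (runner_id, action, method, reasons) for each request worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a parseable access-log line
        act = ACTION_RE.match(m["path"])
        if not act:
            continue  # some other URL, e.g. the runner detail page
        reasons = []
        if m["method"] in ("GET", "HEAD"):
            # Safe methods normally bypass CSRF token checks in web frameworks.
            reasons.append("state change via safe method")
        ref = m["referer"]
        ref_host = urlsplit(ref).hostname if ref != "-" else None
        if ref_host is None:
            reasons.append("no referer")
        elif ref_host != own_host:
            reasons.append("cross-site referer: " + ref_host)
        if reasons:
            findings.append((act["id"], act["action"], m["method"], reasons))
    return findings
```

A missing Referer alone is a weak signal, since browsers and privacy settings often strip it; the combination with a safe method on a state-changing route is what merits review.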