information disclosure of secret_key_base via encoding characters
High
GitLab
Team Summary
Official summary from GitLab
@paresh_parmar discovered an error page that was disclosing the value of the `secret_key_base` key of customers.gitlab.com to unauthenticated users, which would have allowed an attacker to arbitrarily decrypt signed cookies.
Reported by: paresh_parmar
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Bounty: $3500.00
Weakness: Information Exposure Through an Error Message