writeups.xyz / GitLab

Devfile file write vulnerability in GitLab
Understanding GitLab EE/CE Account TakeOver (CVE-2023-7028)
Smashing the state machine: the true potential of web race conditions
RCE In GitLab's CLI Tool
CVE-2023-2825 Analysis And Exploit
The MarkdownTime Vulnerability: How to Avoid This DoS Attack on Business Critical Services
Gitlab Project Import RCE Analysis (CVE-2022-2185)
Security Vulnerability in GitLab: Sending Arbitrary Requests through Jupyter Notebooks
Hacking Swagger-UI - from XSS to account takeovers
[3/3] Cache Poisoning & Lateral Movement @ GitLab
[2/3] XSS Through The Front-Door @ GitLab
[1/3] Brute-Force Protection Bypass @ GitLab
CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED)
Cache Poisoning at Scale
Hunting for XSS with CodeQL
Unauthenticated Gitlab SSRF
ExifTool CVE-2021-22204 - Arbitrary Code Execution
[GITLAB] — Just another SSRF issue.
[GITLAB] — Server Side Request Forgery in “Project Import” page.
[GITLAB] — Denial of service via “Login Panel” functionality.
Hacking — Always check out the Images
1000$ for Open redirect via unknown technique [BugBounty writeup]
CVE-2020-13294
Chaining multiple low-impact bugs to arbitrary file read in GitLab
Responsible disclosure: improper access control in Gitlab private project.