Path traversal to RCE

Program: Gitlab
Bug Type: path traversal
Bounty: 12000
Date: 2019-11-09
path-traversal violation-of-secure-design-principle

Summary

The researcher found a path traversal vulnerability in the Gitlab package registry API: a file name supplied with an uploaded package was used to build the on-disk path without being confined to the package storage directory, so an attacker could write to any path writable by the git user. One such path is the git user's authorized_keys file; appending an attacker-controlled public key there turns the arbitrary file write into an SSH shell as the git user, hence remote code execution.
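The pattern described above, as an added Ruby illustration that is not code from the report or from Gitlab itself: a package-upload handler that joins the caller-supplied file name straight onto its storage root, beside a hardened version that normalises the resulting path and refuses anything that does not stay below the root. The function names, the directory layout standing in for the git user's home, and the key string are all constructed for this example.

```ruby
require "fileutils"
require "tmpdir"

class PathTraversalError < StandardError; end

# VULNERABLE: the package file name is joined onto the storage root as-is.
# File.join does no normalisation, so "../.ssh/authorized_keys" escapes the root.
def store_package_file_vulnerable(storage_root, file_name, content)
  path = File.join(storage_root, file_name)
  FileUtils.mkdir_p(File.dirname(path))
  File.write(path, content)
  path
end

# HARDENED: normalise the final path and require it to stay below the root.
# File.expand_path collapses "." and ".." and leaves absolute names absolute,
# so the prefix test is made on the path the filesystem will actually open.
def store_package_file_safe(storage_root, file_name, content)
  root = File.expand_path(storage_root)
  path = File.expand_path(file_name, root)
  # Compare against "root/" so that a sibling such as "packages-evil" is not
  # accepted as lying under "packages", and the root itself is not writable.
  unless path.start_with?(root + File::SEPARATOR)
    raise PathTraversalError, "#{file_name.inspect} resolves to #{path}, outside #{root}"
  end
  FileUtils.mkdir_p(File.dirname(path))
  File.write(path, content)
  path
end

# Demo: a throwaway directory standing in for the git user's home, holding a
# package storage root and a .ssh directory beside it. The layout and the key
# are constructed for this example; they are not Gitlab's real paths.
def demo
  Dir.mktmpdir("git-home") do |home|
    storage = File.join(home, "packages")
    ssh_dir = File.join(home, ".ssh")
    FileUtils.mkdir_p(storage)
    FileUtils.mkdir_p(ssh_dir)
    authorized_keys = File.join(ssh_dir, "authorized_keys")

    attacker_key = "ssh-ed25519 AAAAC3NotARealKey attacker@example" # constructed
    payload = "../.ssh/authorized_keys" # traversal relative to the storage root

    # The vulnerable handler plants the key one directory above its root.
    store_package_file_vulnerable(storage, payload, attacker_key + "\n")
    planted = File.exist?(authorized_keys) &&
              File.read(authorized_keys).include?(attacker_key)

    # The hardened handler refuses the same name before touching the disk.
    File.delete(authorized_keys)
    rejected = begin
      store_package_file_safe(storage, payload, attacker_key + "\n")
      false
    rescue PathTraversalError
      true
    end

    { planted: planted, rejected: rejected, still_clean: !File.exist?(authorized_keys) }
  end
end

if __FILE__ == $PROGRAM_NAME
  p demo # => {:planted=>true, :rejected=>true, :still_clean=>true}
end
```

The check is deliberately done on the expanded path rather than by searching the raw name for "..": a name such as "pkg/../../x" or an absolute path reaches outside the root just as well, and both are caught by the prefix comparison. Symlinks under the storage root are a separate concern that this check does not address.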

References