Improper access control

In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration...

UBUNTU-CVE-2021-39872

In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration...

GitLab 授权问题漏洞

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to view a project's file contents, commit history, bug lists, and more. GitLab suffers from an authorization issue vulnerability,...

GitBackdorizer - Is A Proof Of Concept That Uses The Lack Of User Attention To Steal Git Access Credentials

GitBackdorizer is a proof of concept, fully inspired in Ulisses Castro's 50 ton of backdoors talk, that abuses the lack of user attention to steal git access credentials. How it Works GitBackdorizer consists of three pieces: handler, dropper and the payload. Handler The handler sets up a HTTP...