2 matches found
Gitlab -- multiple vulnerabilities
GitLab reports: Removing public deploy keys regression Users can update their password without entering current password Persistent XSS - Selecting users as allowed merge request approvers Persistent XSS - Multiple locations of user selection drop downs include directive in .gitlab-ci.yml allows...
GitLab: Every user can delete public deploy keys
Vulnerability details A GitLab instance can have public deploy keys that project admins can use for their project. An attacker can delete these public keys used by other users to deploy code. Impact Deleting these shared deploy keys may stop users to deploy their code. Proof of concept Make sure...