Open redirect
Medium
Vulnerability Details
POC:
$GITLAB_INSTANCE = gitlab.com
Visit:
https://$GITLAB_INSTANCE/dashboard/todos?page=99999999&host=www.google.com
Bug is in Dashboard::TodosController line 10
Likely same bug in Projects::IssuesController line 32
and other places in the codebase where you `redirect_to params.merge(..)`
Report Stats
- Report ID: 214034
- State: Closed
- Substate: resolved
- Upvotes: 3
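
The `redirect_to params.merge(..)` pattern named in the report, as an added example that is not part of the original report or GitLab's code. `build_url` is a simplified stand-in for Rails URL generation (an assumption), shown with the merged-params redirect next to a hardened variant that strips URL-component keys and redirects path-only. The host `gitlab.example`, the helper names and the key list are constructed for illustration.

```ruby
require "uri"

# Keys a Rails-style URL builder treats as URL components, not query
# parameters (assumed subset of the url_for options).
URL_OPTION_KEYS = %w[host protocol port domain subdomain tld_length
                     script_name user password only_path anchor
                     trailing_slash].freeze

REQUEST_HOST = "gitlab.example" # constructed instance host

# Simplified stand-in for url_for (assumption, not Rails code): "host" and
# "protocol" in the options replace the request's own origin.
def build_url(path, options)
  opts  = options.transform_keys(&:to_s)
  query = URI.encode_www_form(opts.reject { |k, _| URL_OPTION_KEYS.include?(k) })
  url   = query.empty? ? path : "#{path}?#{query}"
  return url if opts["only_path"] == true
  "#{opts.fetch('protocol', 'https')}://#{opts.fetch('host', REQUEST_HOST)}#{url}"
end

# Pattern from the report: request params merged straight into the target.
def vulnerable_redirect(path, params, overrides)
  build_url(path, params.merge(overrides))
end

# Hardened: drop every URL-component key supplied by the client, then force
# a path-only redirect so the origin can never come from the request.
def safe_redirect(path, params, overrides)
  clean = params.transform_keys(&:to_s)
                .reject { |k, _| URL_OPTION_KEYS.include?(k) }
  build_url(path, clean.merge(overrides).merge("only_path" => true))
end

# Check usable in a request spec or log review: does the Location header
# point away from the instance?
def off_site?(location)
  host = URI.parse(location).host
  !host.nil? && host.downcase != REQUEST_HOST
end

# Constructed request parameters mirroring the query string in the POC.
SAMPLE_PARAMS = { "page" => "99999999", "host" => "www.google.com" }.freeze

if __FILE__ == $PROGRAM_NAME
  %i[vulnerable_redirect safe_redirect].each do |m|
    loc = send(m, "/dashboard/todos", SAMPLE_PARAMS, "page" => 1)
    puts format("%-20s %-50s off_site=%s", m, loc, off_site?(loc))
  end
end
```
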