[Admin Panel] CSRF to resume/pause runner

Disclosed: 2020-12-01 04:34:15 By ngalog To gitlab

Low

Vulnerability Details

Hi, Just found a CSRF in admin panel of gitlab instance to pause/resume runner. ## Steps to reproduce - http://{gitlab_instance}/admin/runners/:runner_id/resume - http://{gitlab_instance}/admin/runners/:runner_id/pause Video: ███████ password: `██████████` ## Impact Just found a CSRF in admin panel of gitlab instance to pause/resume runner.

Actions

View on HackerOne

Report Stats

Report ID: 415238
State: Closed
Substate: resolved
Upvotes: 58

[Admin Panel] CSRF to resume/pause runner

Vulnerability Details

Actions

Report Stats

Share this report