Researcher Gets $ 20,000 For Critical Bug In GitLab
Ib specialist William Bowling earned $ 20,000 by discovering a critical vulnerability in GitLab. The bug allowed to achieve the execution of arbitrary code or steal confidential data from the server.
Bowling exposed the vulnerability in March 2020. Then the expert noticed that an attacker could get arbitrary files from the server when moving the issue from one GitLab project to another. The problem was due to the lack of file name validation in the UploadsRewriter function. As a result, the specialist demonstrated in his report that an attacker could exploit this problem to read arbitrary files from the server, including configuration files, tokens, and other sensitive data.
Studying this problem further, the expert discovered that it can also lead to the execution of arbitrary code remotely. The flaw applied to both local GitLab installations and gitlab.com.
GitLab engineers note that an attacker could exploit this vulnerability by simply creating his own project or group, moving the issue from one project to another.
GitLab developers fixed the vulnerability a few days after receiving a message from the researcher. As mentioned above, William Bowling was paid a reward of $ 20,000 for this bug. Interestingly, this is far from the first bug bounty of Bowling. In recent months, the expert has earned more than $ 50,000 on GitLab problems, having found several critical and serious vulnerabilities of the platform.
At the end of 2019, GitLab reported that over the past year, it has paid researchers more than $ 500,000 as part of its reward program for vulnerabilities discovered.