[GitLab] Able to view hackerone reports attachments
Original Post:
We discussed this vulnerability during Episode 151 on 19 September 2022
A fairly simple vulnerability: GitLab had an internal endpoint on h1.sec.gitlab.net for its own tracking of HackerOne (H1) reports. The researcher found one of these links and discovered the /a path, which dumped all attachment keys; with those keys, the URLs to download the attachments could be reconstructed.
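The failure described above has two halves: a listing endpoint that handed out every attachment key without authentication, and download URLs that could be rebuilt from a key alone. The following is an added illustration (not GitLab's code, and not the researcher's) of both defects beside their mitigation, written against a constructed in-memory attachment store with hypothetical session and signing-key values. The hardened version requires a valid session before listing keys and serves a download only from a short-lived, HMAC-signed URL, so that leaking a key is no longer sufficient to fetch the file.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode

# Constructed sample data: attachment keys of the kind a listing endpoint might expose.
ATTACHMENTS = {
    "a1b2c3": b"report-123-screenshot.png contents",
    "d4e5f6": b"report-124-poc.txt contents",
}

# Hypothetical server-side secret for signing download URLs (constructed value).
SIGNING_KEY = b"example-signing-key-not-real"

# Hypothetical session table: session token -> user (constructed).
SESSIONS = {"sess-valid": "triager@example"}


def list_attachment_keys_vulnerable():
    """Mirrors the flaw: any caller receives every key, and each key alone
    is enough to rebuild a working download URL."""
    return [f"/attachments/{k}" for k in ATTACHMENTS]


def list_attachment_keys(session_token):
    """Hardened listing: refuse (None) unless the caller has a valid session."""
    if session_token not in SESSIONS:
        return None
    return sorted(ATTACHMENTS)


def _signature(key, expires):
    # Bind the signature to both the key and its expiry so neither can be swapped.
    return hmac.new(SIGNING_KEY, f"{key}:{expires}".encode(), hashlib.sha256).hexdigest()


def sign_download_url(key, ttl_seconds=300, now=None):
    """Issue a short-lived, signed URL for one attachment."""
    now = int(time.time()) if now is None else now
    expires = now + ttl_seconds
    return f"/attachments/{key}?" + urlencode({"expires": expires, "sig": _signature(key, expires)})


def download(url, now=None):
    """Serve the attachment only when the URL carries a valid, unexpired signature.
    A bare /attachments/<key> (the reconstructed-URL case) returns None."""
    now = int(time.time()) if now is None else now
    path, _, query = url.partition("?")
    key = path.rsplit("/", 1)[-1]
    params = parse_qs(query)
    try:
        expires = int(params["expires"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return None
    if now > expires:
        return None
    # Constant-time comparison avoids leaking the expected signature via timing.
    if not hmac.compare_digest(_signature(key, expires), sig):
        return None
    return ATTACHMENTS.get(key)


if __name__ == "__main__":
    print("vulnerable listing:", list_attachment_keys_vulnerable())
    print("hardened listing, no session:", list_attachment_keys(None))
    url = sign_download_url("a1b2c3")
    print("bare key download:", download("/attachments/a1b2c3"))
    print("signed download:", download(url))
```

The point of the signed URL is that the key stops being a secret: even if a listing leaks, a download still needs a signature only the server can mint, and it stops working once the expiry passes.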