Below you will find pages that utilize the taxonomy term “GitLab”
Post
Real-life OIDC Security (III): CRLF Injections
This is the third post of a series on Single Sign-On and OpenID Connect 1.0 security. In this post, a more common CRLF injection in the context of OIDC is discussed in detail. We present issues discovered in GitLab (Severity: High - Critical) and Bitbucket Server (Severity: Informative - Low).
Advisories
CVE-2020-13294
The following (slightly modified) advisory was sent to GitLab via HackerOne on 19th June 2020.