by dijit
513 days ago
There was a pretty bad bug (though I think it was a Rails footgun) that allowed you to append an arbitrary email to the reset request. The only difficult part for the attacker was finding an email address that was used by the target, though that's usually the same as you use for git commits, and GitLab "handily" has an email address assigned to each user ID, incrementing from 1. Usually low numbers are admins, so, a pretty big attack vector when combined.
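The failure mode the comment describes is a reset handler that trusts a request-supplied recipient, and a parameter parser that will happily turn a repeated key into an Array. Below is an added example, not code from the comment, from GitLab or from Rails, of how a defender would structure that handler: the parameter is forced to be a single string, and the token is only ever delivered to the address already stored on the account. The `USERS` hash and the `build_reset` / `single_email_param` helpers are constructed for this illustration.

```ruby
require 'securerandom'

# Constructed in-memory user store; stands in for a real model lookup.
USERS = {
  'alice@example.com' => { id: 1, email: 'alice@example.com' },
}.freeze

class ResetRequestError < StandardError; end

# Normalise the raw request parameter. Rails-style parsing turns
# `user[email][]=a&user[email][]=b` into an Array; a handler that passes
# that straight to the mailer would send the token to every element.
# Accept exactly one plain string and nothing else.
def single_email_param(raw)
  raise ResetRequestError, 'email must be a single value' unless raw.is_a?(String)

  email = raw.strip.downcase
  if email.empty? || email.include?(',') || email.include?("\n")
    raise ResetRequestError, 'email must be a single value'
  end
  email
end

# Build the reset delivery. Returns { recipient:, token: } for a known
# account or nil when nothing matches; callers should respond identically
# in both cases so the endpoint does not reveal which addresses exist.
def build_reset(raw_email_param)
  requested = single_email_param(raw_email_param)
  user = USERS[requested]
  return nil unless user

  # Deliver only to the address stored on the account, never to the
  # request-supplied value, so a bypass of the check above still cannot
  # redirect the token somewhere else.
  { recipient: user[:email], token: SecureRandom.hex(16) }
end

if __FILE__ == $PROGRAM_NAME
  p build_reset('alice@example.com')
  p build_reset('nobody@example.com')
  begin
    build_reset(['alice@example.com', 'attacker@example.com'])
  rescue ResetRequestError => e
    puts "rejected: #{e.message}"
  end
end
```

The two controls are independent on purpose: the type check closes the parameter-shape hole, and looking up the recipient from the stored record means the request body never decides where the token goes.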