Hi Sir, mv-data.at Team
Introduce, I'm Alexander.
I work as Bug Bounty Hunter.
I found a vulnerability in an existing Gitlab system
Gitlab RCE which allows me to change the gitlab administrator/root
password (Takeover admin gitlab login) and also be able to view all source code and secret credentials make reverse shell to the operation system.
This finding is Critical Vulnerability.
Impact:
Attacker can delete and download the source code and obtain various credentials.
(database[SQL Command], API, credential : username & password)
Attacker can embed ransomware and demand a ransom for all your data
Can distribute the existing code in gitlab or sell it causing damage to the reputation
Can exploit the gitlab and all source code of your data dev or master
RCE Access can delete and manage your files or data. Email: alexandergiat@gmail.com
Explore GitLab
Discover projects, groups and snippets. Share your projects with others