
GitLab awards researcher $20,000 for reporting a critical bug

GitLab awarded a cybersecurity researcher $20,000 for discovering a serious remote code execution vulnerability on the platform.

By Seda Nur Cinar
April 30, 2020
in Cybersecurity

GitLab opened a bug bounty program through the HackerOne platform on March 23. The bug was disclosed on 27 April by William “vakzz” Bowling, a programmer. The vulnerability was described as an arbitrary file read via the UploadsRewriter when moving an issue. According to Bowling’s report, the file path should have been validated before files were copied; that missing check was the source of the critical security issue.
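The missing check Bowling describes, illustrated as an added Ruby example that is not GitLab’s code and not the actual patch: a copy helper that refuses any upload path which, after normalization and symlink resolution, does not stay inside the project’s upload directory. The `safe_copy_upload` helper, the directory layout and the file names are constructed for this illustration.

```ruby
require "pathname"
require "fileutils"
require "tmpdir"

# Hypothetical helper (not GitLab's code): copy an upload referenced by a
# user-controlled relative path, but only if it resolves inside base_dir.
# Returns the destination path on success, or nil when the path escapes the
# base directory or does not exist.
def safe_copy_upload(base_dir, relative_path, dest_dir)
  base = Pathname.new(base_dir).realpath
  # Pathname#+ returns the right-hand side unchanged if it is absolute, so an
  # absolute input lands outside base and is rejected by the prefix check.
  candidate = (base + relative_path).cleanpath
  prefix = base.to_s + File::SEPARATOR
  # Reject anything that normalizes to a location outside base (e.g. "../").
  return nil unless candidate.to_s.start_with?(prefix)
  return nil unless candidate.exist?
  # Resolve symlinks as well, so a link pointing out of base is also rejected.
  resolved = candidate.realpath
  return nil unless resolved.to_s.start_with?(prefix)
  FileUtils.mkdir_p(dest_dir)
  dest = File.join(dest_dir, resolved.basename.to_s)
  FileUtils.cp(resolved.to_s, dest)
  dest
end

# Demonstration on a constructed directory layout inside a temp dir:
# one legitimate upload, one file outside the upload directory.
def demo
  Dir.mktmpdir do |root|
    uploads = File.join(root, "uploads")
    FileUtils.mkdir_p(uploads)
    File.write(File.join(uploads, "image.png"), "constructed upload bytes")
    outside = File.join(root, "secrets.yml")
    File.write(outside, "constructed secret")
    dest = File.join(root, "moved")

    ok = safe_copy_upload(uploads, "image.png", dest)          # copied
    traversal = safe_copy_upload(uploads, "../secrets.yml", dest) # rejected
    absolute = safe_copy_upload(uploads, outside, dest)         # rejected
    [ok.nil? ? nil : File.basename(ok), traversal, absolute]
  end
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

The two rejections matter for different reasons: the prefix check after `cleanpath` catches `..` segments and absolute paths, while the second check after `realpath` catches a symlink inside the upload directory that points elsewhere, which a string-only check would miss.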

A patch in GitLab version 12.9.1

The GitLab Security Team verified the issue and awarded Bowling an initial $1,000 while triage took place. Johnathan Hunt, VP of Security at GitLab, said:

“We’re thankful for security reporters like vakzz who responsibly disclose vulnerabilities through our bug bounty program. Once disclosed to the GitLab Security Team, this specific bug was quickly remediated and made public 30 days after the patch was released.”

Bowling said that the issue could be turned into a remote code execution (RCE) attack by using the arbitrary file read to grab the GitLab secret_key_base. His finding was patched in GitLab version 12.9.1. After the patch was released, he was presumably awarded the rest of the sum.

Four months earlier, Bowling had disclosed a bug in GitLab’s Search API that allowed additional flags to be injected into the git command. He was awarded $12,000 for that critical bug report.

Tags: GitLab, HackerOne, Vulnerability