
IDOR Get milestone names of any private projects of Gitlabs

Link:          https://hackerone.com/reports/412755
By:            @ashish_r_padelkar

Details: Summary: Hello,

It is possible to get Milestone names of all the GITLAB private projects

Description: When you create any issue for milestones, the following url is used

https://gitlab.com/ashishprsspl444/OutsideProjectOther/issues/new?issue%5Bmilestone_id%5D=655554

As you can see, there is a parameter issue%5Bmilestone_id%5D in the request, which is the milestone ID. If you replace this ID with any sequential ID, you should see milestones which may belong to private projects or groups!

Steps

  1. Just visit the url https://gitlab.com/<userName>/<Project>/issues/new?issue%5Bmilestone_id%5D=<ProjectID>

  2. You should see the name of the milestone populated in the Milestones dropdown

  3. This way you can enumerate all the milestones of GITLAB companies!!

Regards, Ashish

Impact

Get milestone names of all the users from GITLAB
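
The report describes a form-prefill parameter that is resolved by its global ID. As an added illustration (not part of the report and not GitLab's code), the following models that lookup next to a version scoped to the project in the URL and its parent group; the structs, sample data and function names are hypothetical.

```ruby
# Constructed in-memory model; all names and records are hypothetical.
Milestone = Struct.new(:id, :title, :project_id, :group_id)
Project   = Struct.new(:id, :group_id, :visibility, :member_ids)

MILESTONES = [
  Milestone.new(655_554, "Public roadmap", 1, nil),
  Milestone.new(655_555, "Secret launch", 2, nil),    # owned by a private project
  Milestone.new(655_556, "Group Q3 goals", nil, 10)   # group-level milestone
].freeze

PROJECTS = {
  1 => Project.new(1, 10, :public, [100]),
  2 => Project.new(2, 20, :private, [200])
}.freeze

# Accept only a plain decimal ID from issue[milestone_id]; anything else is nil.
def milestone_id_param(params)
  raw = params.dig("issue", "milestone_id").to_s
  raw.match?(/\A\d+\z/) ? raw.to_i : nil
end

# Before: the ID is resolved against every milestone, so the form renders the
# title of whatever record exists, whichever project the form belongs to.
def prefill_milestone_unscoped(params)
  id = milestone_id_param(params)
  MILESTONES.find { |m| m.id == id }
end

# After: the user must be able to read the project, and the ID is only
# resolved among milestones of that project or of its parent group.
def prefill_milestone_scoped(params, project, user_id)
  return nil if project.visibility == :private && !project.member_ids.include?(user_id)

  id = milestone_id_param(params)
  MILESTONES.find do |m|
    m.id == id &&
      (m.project_id == project.id ||
       (!m.group_id.nil? && m.group_id == project.group_id))
  end
end
```

A lookup that returns nil should leave the dropdown empty rather than produce a distinguishable error, so the response does not reveal whether the ID exists.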