Missing CSRF in System Hooks
Title: Missing CSRF in System Hooks
Scope: None
Weakness: Cross-Site Request Forgery (CSRF)
Severity: No Rating
Link: https://hackerone.com/reports/309543
Date: 2018-01-26 13:19:34 +0000
By: @sql00
I've found a CSRF vulnerability which allows an attacker to resend requests to multiple hooks.
Steps To Reproduce:
- Create System Hook
- Open System Hooks and click "Test" -> "Push Events"
- Click "Edit" on this hook
- In "Recent Deliveries" click "View Details" for specific event.
- Click "Resend Request"
As you can see, the "Resend Request" call carries no CSRF token (and, as the image tag below shows, it is reachable with a plain GET). For this reason an attacker can trick a GitLab user into performing an unwanted action on a System Hook for which the user is currently authenticated.
<img src="http://127.0.0.1/admin/hooks/3/hook_logs/107/retry" />
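The server-side fix this report points to, as an added example that is not GitLab's code (the report shows none): a hypothetical Ruby model of the retry endpoint that refuses GET for the state-changing action and checks a session-bound CSRF token, so the image-tag request above is rejected while a legitimate form post succeeds. Module and function names are invented for the illustration.

```ruby
require 'securerandom'

# Hypothetical model of the hook-log "retry" endpoint, showing the two
# defences the report implies: reject the bare GET that an <img src=...>
# issues, and require a CSRF token bound to the user's session.
# Names (CsrfGuard, retry_hook_log) are invented; this is not GitLab code.
module CsrfGuard
  # One random token per session, kept server side and embedded in forms.
  def self.issue_token(session)
    session[:csrf_token] ||= SecureRandom.hex(32)
  end
  # Constant-time comparison: no timing leak on how many bytes matched.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
  def self.valid_token?(session, submitted)
    expected = session[:csrf_token]
    return false if expected.nil? || submitted.nil?
    secure_compare(expected, submitted)
  end
end

# A request is a Hash with :method, :path, :params and :session.
# Returns [http_status, message], as a Rack-style handler would.
def retry_hook_log(request)
  # A browser fetches <img src="/admin/hooks/3/hook_logs/107/retry"> with a
  # GET, so refusing GET for this state-changing action stops that trick.
  return [405, 'retry must be sent as POST'] unless request[:method] == 'POST'
  # A cross-site form POST cannot read the victim's token, so it fails here.
  token = request[:params]['authenticity_token']
  unless CsrfGuard.valid_token?(request[:session], token)
    return [422, 'missing or invalid CSRF token']
  end
  [200, "re-sent delivery for #{request[:path]}"]
end

# Constructed demo: the forged image-tag GET versus a legitimate form POST.
def demo_retry_outcomes
  session = {}
  token = CsrfGuard.issue_token(session)
  path = '/admin/hooks/3/hook_logs/107/retry'
  forged = { method: 'GET', path: path, params: {}, session: session }
  legit = { method: 'POST', path: path,
            params: { 'authenticity_token' => token }, session: session }
  [retry_hook_log(forged).first, retry_hook_log(legit).first]
end
```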