IDOR Get milestone names of any private projects of Gitlabs
Link: https://hackerone.com/reports/412755
By: @ashish_r_padelkar
Details: Summary: Hello,
It is possible to get Milestone names of all the GITLAB private projects
Description: When you create any issue for milestones, the following url is used
https://gitlab.com/ashishprsspl444/OutsideProjectOther/issues/new?issue%5Bmilestone_id%5D=655554
As you can see, there is a parameter issue%5Bmilestone_id%5D in the request, which is the milestone ID. If you replace this ID with any sequential ID, you should see milestones which may belong to private projects or groups!
#Steps
- Just visit the url
  https://gitlab.com/<userName>/<Project>/issues/new?issue%5Bmilestone_id%5D=<ProjectID>
- You should see the name of the milestone populated in the Milestones dropdown
- This way you can enumerate all the milestones of GITLAB companies!!
Regards, Ashish
Impact
Get milestone names of all the users from GITLAB
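
The root cause described in this report is an object lookup keyed only by a client-supplied ID. The following is an added example, not part of the original report and not GitLab's code: it contrasts an unscoped milestone lookup with one restricted to the project being viewed and to users who can read it. All class names, method names and sample records are hypothetical and constructed for illustration.

```ruby
# Added illustration; not GitLab's code. All names here are hypothetical.
Milestone = Struct.new(:id, :title, :project_id, :group_id)
Project   = Struct.new(:id, :group_id, :member_ids)

# Constructed sample data: project 1 belongs to the viewer (user 100),
# project 2 is another user's private project.
MILESTONES = [
  Milestone.new(655553, "v1.0 public roadmap", 1, nil),
  Milestone.new(655554, "Secret acquisition launch", 2, nil),
  Milestone.new(655555, "Group-wide Q3", nil, 10),
].freeze

PROJECTS = {
  1 => Project.new(1, 10, [100]),
  2 => Project.new(2, 20, [200]),
}.freeze

# Vulnerable pattern: issue[milestone_id] is resolved against every
# milestone, so the form is prefilled with any existing milestone's title.
def prefill_milestone_unscoped(params)
  id = Integer(params.dig("issue", "milestone_id"), exception: false)
  MILESTONES.find { |m| m.id == id }&.title
end

# Hardened pattern: only milestones attached to the current project or its
# group are candidates, and only for users allowed to read that project.
def prefill_milestone_scoped(params, project, user_id)
  return nil unless project.member_ids.include?(user_id)

  id = Integer(params.dig("issue", "milestone_id"), exception: false)
  return nil if id.nil?

  allowed = MILESTONES.select do |m|
    m.project_id == project.id ||
      (!m.group_id.nil? && m.group_id == project.group_id)
  end
  # An ID outside the allowed set yields nil, the same as a nonexistent ID,
  # so the response does not reveal whether the milestone exists elsewhere.
  allowed.find { |m| m.id == id }&.title
end
```

Returning the same empty result for "not yours" and "does not exist" is what stops sequential-ID enumeration from working as an oracle.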