GitLab.org / GitLab / Issues / #224496
Closed
Issue created Jun 25, 2020 by GitLab SecurityBot (@gitlab-securitybot), Reporter

DoS on wiki page: uneditable pages

HackerOne report #907260 by yvvdwf on 2020-06-24:

Dear team,

I found a similar bug to the one being reported here, with the same impact: once created, the page cannot be modified or deleted via the website's interface.

Steps to reproduce

  1. Create a new wiki page.
  2. In the Title field, enter ~/test
  3. Content can be anything
  4. Click the Create page button

The created page has the path var/opt/gitlab/test (instead of ~/test). The page can be neither modified nor deleted via the web interface.

Impact

What is the current bug behavior?

The tilde character ~ is translated into /var/opt/gitlab

What is the expected correct behavior?

The tilde character should not be translated

Output of checks

This bug happens on GitLab.com

Impact

Once created, the wiki page can be neither modified nor deleted via the web interface.

Todo

  • Security fix in Gitaly: https://gitlab.com/gitlab-org/security/gitlab/-/issues/207
  • Fix in upstream gollum-lib gem: https://github.com/gollum/gollum-lib/pull/385
  • Fix in forked gitlab-gollum-lib gem
Edited Oct 06, 2020 by Markus Koller
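As an added illustration (not code from the report, from gollum-lib or from GitLab), the Ruby below shows why a leading tilde in a page title is dangerous when the title is passed through Ruby's File.expand_path, which performs shell-style tilde expansion, and a hardened normalisation that rejects such titles and keeps the result under the wiki root. The report does not say which call in gollum-lib performs the expansion, so the use of File.expand_path, the WIKI_ROOT value, the function names and the InvalidTitle class are all assumptions made for this example.

```ruby
require 'pathname'

# Assumed wiki root for this example (not a path taken from the report).
WIKI_ROOT = '/srv/wiki'

# Unsafe: File.expand_path performs tilde expansion, so a title of "~/test"
# resolves against the process owner's HOME instead of the wiki root. The
# report shows exactly this, with the page landing under /var/opt/gitlab.
def unsafe_normalize(title)
  File.expand_path(title, WIKI_ROOT)
end

class InvalidTitle < StandardError; end

# Hardened: reject titles that would trigger tilde expansion or that are
# absolute, normalise the rest lexically, and re-check the final path.
def safe_normalize(title)
  raise InvalidTitle, 'title must not be empty' if title.strip.empty?
  raise InvalidTitle, 'title must not start with ~' if title.start_with?('~')
  raise InvalidTitle, 'title must not be absolute' if title.start_with?('/')

  # Pathname#cleanpath collapses "." and ".." without touching the filesystem
  # and without expanding "~".
  rel = Pathname.new(title).cleanpath.to_s
  if rel == '..' || rel.start_with?('../')
    raise InvalidTitle, 'title escapes the wiki root'
  end

  full = File.join(WIKI_ROOT, rel)
  # Defence in depth: whatever the title looked like, the resolved path must
  # still sit strictly inside WIKI_ROOT.
  unless File.expand_path(full).start_with?("#{WIKI_ROOT}/")
    raise InvalidTitle, 'title escapes the wiki root'
  end
  full
end
```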