DoS on wiki page: uneditable pages
HackerOne report #907260 by yvvdwf on 2020-06-24:
Dear team,
I found a similar bug to the one being reported here, with the same impact: once created, the page cannot be modified or deleted via the website's interface.
Steps to reproduce
- Create a new wiki page.
- In the Title field, fill in: ~/test
- Content can be anything.
- Click the "Create page" button.
The page being created has the path /var/opt/gitlab/test (instead of ~/test). The page can be neither modified nor deleted via the web interface.
Impact
What is the current bug behavior?
The tilde character ~ is translated into /var/opt/gitlab
What is the expected correct behavior?
The tilde character should not be translated.
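The behaviour above is what happens when a page title is handed to File.expand_path before being joined to the wiki root. The following is an added example (not code from the report, gollum-lib or GitLab) contrasting that naive resolver with one that joins first and then verifies containment; the wiki root, the HOME value and the helper names are constructed for illustration.

```ruby
# Constructed wiki root; the HOME value below mirrors the report's /var/opt/gitlab.
WIKI_ROOT = "/srv/wiki".freeze

# Run a block with HOME set to a constructed value so that "~" expansion is
# deterministic regardless of the account running this script.
def with_home(home)
  saved = ENV["HOME"]
  ENV["HOME"] = home
  yield
ensure
  ENV["HOME"] = saved
end

# Naive resolver (the behaviour the report describes): File.expand_path
# rewrites a leading "~" to $HOME before the root is applied, so the
# page lands outside the wiki entirely.
def naive_page_path(root, title)
  File.expand_path(title, root)
end

# Hardened resolver: join under the root first, so a leading "~" is no
# longer at the start of the string and stays a literal directory name;
# then re-check that the expanded path is still inside the root, which
# also catches "../" segments and any other escape.
def safe_page_path(root, title)
  return nil if title.nil? || title.strip.empty?
  root = File.expand_path(root)
  resolved = File.expand_path(File.join(root, title))
  resolved.start_with?("#{root}/") ? resolved : nil
end

if __FILE__ == $PROGRAM_NAME
  with_home("/var/opt/gitlab") do
    puts "naive: #{naive_page_path(WIKI_ROOT, '~/test')}"   # /var/opt/gitlab/test
  end
  puts "safe:  #{safe_page_path(WIKI_ROOT, '~/test')}"      # /srv/wiki/~/test
  puts "safe:  #{safe_page_path(WIKI_ROOT, '../escape').inspect}"  # nil
end
```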
Output of checks
This bug happens on GitLab.com
Impact
Once created, the wiki page can be neither modified nor deleted via the web interface.
Todo
- Security fix in Gitaly: https://gitlab.com/gitlab-org/security/gitlab/-/issues/207
- Fix in upstream gollum-lib gem: https://github.com/gollum/gollum-lib/pull/385
- Fix in forked gitlab-gollum-lib gem
Edited by Markus Koller