[Admin Panel] CSRF to resume/pause runner
Link: https://hackerone.com/reports/415238
By: @ngalog
Details: Hi,
Just found a CSRF in the admin panel of a GitLab instance to pause/resume a runner.
Steps to reproduce
- http://{gitlab_instance}/admin/runners/:runner_id/resume
- http://{gitlab_instance}/admin/runners/:runner_id/pause
Video:
https://vimeo.com/292095308
password: lskjflkasjdf
Impact
Just found a CSRF in the admin panel of a GitLab instance to pause/resume a runner.
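
Added example (not part of the original report and not GitLab's code): a small Ruby audit that reads route listings in the column layout printed by `rails routes` and flags state-changing actions that are routable with a safe HTTP verb, which matters because Rails' CSRF token check is not applied to GET requests. The route table is constructed for illustration, and it assumes the two URLs in the report were reachable with a plain GET (the report does not state the verb); the `MUTATING_ACTIONS` list is likewise an assumption to adapt per application.

```ruby
# Constructed sample in the layout of `rails routes` output:
# Prefix (optional), Verb, URI Pattern, Controller#Action.
SAMPLE_ROUTES = <<~ROUTES
  resume_admin_runner GET    /admin/runners/:id/resume(.:format) admin/runners#resume
  pause_admin_runner  GET    /admin/runners/:id/pause(.:format)  admin/runners#pause
  admin_runner        GET    /admin/runners/:id(.:format)        admin/runners#show
                      PATCH  /admin/runners/:id(.:format)        admin/runners#update
                      DELETE /admin/runners/:id(.:format)        admin/runners#destroy
  admin_runners       GET    /admin/runners(.:format)            admin/runners#index
ROUTES

HTTP_VERBS = %w[GET HEAD OPTIONS POST PUT PATCH DELETE].freeze
# Verbs that must never change state; Rails skips CSRF token checks for GET/HEAD.
SAFE_VERBS = %w[GET HEAD OPTIONS].freeze
# Assumption: action names that imply a state change in the audited application.
MUTATING_ACTIONS = %w[pause resume create update destroy enable disable].freeze

Route = Struct.new(:verb, :path, :controller, :action)

# Parse each line by locating the verb column, so rows without a prefix still work.
def parse_routes(text)
  text.each_line.map do |line|
    tokens = line.split
    i = tokens.index { |t| HTTP_VERBS.include?(t) }
    next if i.nil? || tokens[i + 2].nil?
    controller, action = tokens[i + 2].split("#", 2)
    next if action.nil?
    Route.new(tokens[i], tokens[i + 1], controller, action)
  end.compact
end

# Return routes where a state-changing action is reachable via a safe verb.
def unsafe_get_routes(text, mutating: MUTATING_ACTIONS)
  parse_routes(text).select do |r|
    SAFE_VERBS.include?(r.verb) && mutating.include?(r.action)
  end
end

if __FILE__ == $PROGRAM_NAME
  unsafe_get_routes(SAMPLE_ROUTES).each do |r|
    puts "state change via #{r.verb}: #{r.path} -> #{r.controller}##{r.action}"
  end
end
```

Routes flagged this way should be moved to a non-GET verb such as POST so that the framework's CSRF token verification covers them.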