Follow Johan on Bluesky: http://bsky.app/profile/joaxcar.bsky.social
Follow Johan on Twitter: http://x.com/joaxcar?lang=en
The report: https://gitlab.com/gitlab-org/gitlab/-/issues/491060
Subscribe to BBRE Premium: https://bbre.dev/premium
✉️ Sign up for the mailing list: https://bbre.dev/nl
Follow me on Twitter: https://bbre.dev/tw


This video is a writeup of Johan Carlsson’s SSRF in GitLab, for which he was rewarded $29,000. It was also the first SSRF that GitLab rewarded as a critical since 2020 (I covered that one on my channel as well: https://youtu.be/Uklsk1WZ2EU).

Get $100 in credits for Digital Ocean: https://bbre.dev/do

Analytic dashboard demo comes from: https://www.youtube.com/watch?v=Hmc-X_JNm-A
Blind SSRF Chains: https://github.com/assetnote/blind-ssrf-chains
