Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Gitlab SSO Lack of Permission Revoking - 301

lauritzh, posted 5 years ago
  • SSO (single sign-on) lets a user access an application using another provider's credentials. As part of the SSO flow, the user must grant the application certain permissions at the third-party site.
  • The issue was that if the user deleted their account on the third-party site or revoked the application's access, the GitLab SSO integration did NOT revoke the previously granted permissions.
  • Although this is an unusual finding, permissions should be grantable and revocable at will. This should be a standard test case going forward.
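A minimal model of the gap described above, as an added example (not code from the report or from GitLab): a relying party that caches the linked account's scopes keeps granting access after the provider revoked the grant, while one that re-validates the stored token with the provider on each decision does not. The provider, token format and scope names are constructed for the simulation.

```python
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass
class IdentityProvider:
    """Toy third-party provider; remembers which scopes each user granted."""
    grants: dict[str, set[str]] = field(default_factory=dict)

    def authorize(self, user: str, scopes: set[str]) -> str:
        self.grants[user] = set(scopes)
        return f"tok-{user}"  # constructed opaque token, not a real format

    def revoke(self, user: str) -> None:
        self.grants.pop(user, None)  # user revoked the app or deleted the account

    def introspect(self, token: str) -> set[str] | None:
        return self.grants.get(token.removeprefix("tok-"))  # None once the grant is gone

class VulnerableRelyingParty:
    """Caches the scopes at link time and never asks the provider again."""
    def __init__(self, idp: IdentityProvider) -> None:
        self.idp = idp
        self.links: dict[str, tuple[str, set[str]]] = {}

    def link(self, user: str, scopes: set[str]) -> None:
        token = self.idp.authorize(user, scopes)
        self.links[user] = (token, set(scopes))

    def can(self, user: str, scope: str) -> bool:
        _, cached = self.links.get(user, ("", set()))
        return scope in cached  # stale: revocation at the provider is ignored

class FixedRelyingParty(VulnerableRelyingParty):
    """Re-checks the stored token with the provider on every decision."""
    def can(self, user: str, scope: str) -> bool:
        token, _ = self.links.get(user, ("", set()))
        live = self.idp.introspect(token) if token else None
        if live is None:  # revoked or deleted upstream: drop the stale link
            self.links.pop(user, None)
            return False
        return scope in live

def revocation_test_case(rp_cls) -> tuple[bool, bool]:
    """Returns (access before revocation, access after revocation)."""
    idp = IdentityProvider()
    rp = rp_cls(idp)
    rp.link("alice", {"read_repo"})
    before = rp.can("alice", "read_repo")
    idp.revoke("alice")
    return before, rp.can("alice", "read_repo")
```

`revocation_test_case` is the "revoke at the provider, then retry" check the bullet above recommends, so it can be dropped into a test suite for any SSO integration.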