The vulnerability resided within GitLab's POST /users/password API endpoint, which is responsible for password resets. The pentester exploited a flaw in email address validation. In this scenario, we have the victim's email (victim@mail.gitlab.thm) and the attacker's email (attacker@mail.gitlab.thm). Intercept the passwords request using. I believe the fix is here: