GitLab

We got a bug report at HackerOne which I am not sure what to do about. Here it is to get input from our sysadmins (which need to fix it anyway, in case it's deemed valid):

Same site scripting

I have found an error of some misconfigrured DNS in a subdomain of yours which causes same site scripting.

Steps To Reproduce:

Step 1 : Go to terminal or cmd
Step 2 : Now type host localhost.torproject.org
Step 3 : Has Now you can see the response from localhost 127.0.0.1
Step 4 : This lead to Same site scripting

Referance :

http://www.securityfocus.com/archive/1/486606/30/0/threaded

Solution:

Kindly remove DNS record from nameserver or use that subdomain.

Impact

Same site scripting may lead to internal DOS