Blog Security Give it a go: Capture the flag for $20K USD in our bug bounty program
Published on: August 24, 2022
4 min read

Give it a go: Capture the flag for $20K USD in our bug bounty program

We created a private project containing a file with a flag. Use a permission-related vulnerability to bypass access control (without user interaction) and read the flag for a $20K USD bonus.

sigmund-i2VgGp5BwJg-unsplash.jpeg

๐Ÿ“ฃ We're issuing a challenge to all the amazing bug bounty hunters out there who make products and organizations like ours more secure. ๐Ÿ‘‡

Capture the Flag (CTF) first and a $20,000 USD bounty is yours.

It's that simple. The idea... not capturing the flag... at least that's our hope. But show us what you got, please. ๐Ÿ˜›

Why are we doing this?

Our aim with this CTF is to tackle potential vulnerabilities with lower CVSS scores but high business impact that may not get as much attention in our bug bounty program. We want to show those vulns the love through this CTF.

How do you get started?

We've created a private group with a private project that contains a file with a flag. Be the first person to use a permission-related vulnerability to bypass access control, without user interaction, read the flag. and voilร , the $20,000 USD bonus is yours. ๐ŸŽ‰ You can get all the details and requirements in our policy: https://hackerone.com/gitlab.

What else do you need to know?

We thought you might have questions, so we've created a few FAQ.

Q: How is this different from other CTFs?
A: There is no known solution yet :). Also, this is a single, ongoing challenge. The sole purpose here is to capture a flag inside a private project of a private group on GitLab.com, with the intent of demonstrating the ability to expose a real-world vulnerability. Similar to most CTFs, we're offering a prize, and valid bug bounty reports of permission-related vulnerabilities that contain this flag will receive a bonus of $20,000 USD.

Q: How will I know when someone has already captured the flag?
A: Currently, there is one (1) flag available. The bonus will be awarded to the first person to find the flag and file a report on our Bug Bounty Program with HackerOne, including the steps to successfully reproduce. We'll update our policy on HackerOne as soon as the flag is found. You can stay informed by subscribing to program updates on our bug bounty program with HackerOne.

Q: Can the flag be captured multiple times?
A: The first valid report with the flag will be awarded the bonus, and, at that time, the CTF will be paused. After testing and improving our defenses, we will re-enable the flag and update our bug bounty program policy to indicate the CTF is open again.

Q: Do I actually have to obtain the flag, or just prove that I can obtain the flag?
A: Yes, you must obtain the flag and include it in a report of a permission-related vulnerability that can bypass access control without user interaction. We have provided the group name (gitlab-h1-bbp-ctf-group) and group ID (55842926) in order to make it clear where the flag can be found.

Q: If I capture the flag, do I get the $20K USD bounty plus any applicable regular bounties?
A: Yes, but please keep in mind that the CTF bonus is specifically for permission-related vulnerabilities that can bypass access control without user interaction. Also, please note that the use of a leaked administrator-privileged token is not eligible for the CTF, but is still eligible for our program's maximum bounty payout.

Stay updated on the CTF

Be sure to subscribe ๐Ÿ”” to our program on HackerOne, as we'll update our policy each time the flag is captured (which means we'll need to test, fix, and reset) as well as when the flag is available again.

Happy hacking and we look forward to your next report!

Cover image by Sigmund on Unsplash

We want to hear from you

Enjoyed reading this blog post or have questions or feedback? Share your thoughts by creating a new topic in the GitLab community forum. Share your feedback

Ready to get started?

See what your team could do with a unified DevSecOps Platform.

Get free trial

Find out which plan works best for your team

Learn about pricing

Learn about what GitLab can do for your team

Talk to an expert