2020-01-28 02:39:28
hackerone
PUBLISHED
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names.