Vulnerability in GitLab’s API exposed confidential data
Popular web-based repository manager GitLab has fixed a bug in its API that may have exposed confidential data about projects.
An insecure direct object reference (IDOR) in the GitLab Events API exposed information such as private notes, merge requests, and issues.
In a post, GitLab Director of Security Kathy Wang wrote:
“We discovered that this exposure dates back to June 22, 2017, with the 9.3 release. GitLab’s...