Note:
This project will be discontinued after December 13, 2021. [more]
2019-12-18
An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed project milestones to be disclosed via groups browsing.
| Products | Gitlab |
| Type | Improper Restriction of Excessive Authentication Attempts (CWE-307) |
| First patch | - None (likely due to unavailable code) |
| Links | https://hackerone.com/reports/636560 |