An authorization issue was discovered which allowed non-members of a private project/group to add and read labels.
Tag: Authorization Issue
ASA-2019-00215 – GitLab: Guest users of private projects have access to releases
An authorization issue was discovered for the GitLab Releases feature which could allow guest users access to private information like release details.
ASA-2019-00212 – GitLab: Related branches visible in issues for guests
An authorization issue was discovered which allowed Guests of a project to see Related Branches created for an issue.