An issue exists in GitLab Community and Enterprise Edition 8.13 up to and including 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gitlab gitlab |