A vulnerability exists in GitLab versions prior 13.1. Under certain conditions private merge requests could be read via Todos
gitlab gitlab