GitLab::API::v4 up to and including 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.
gitlab\\ \\ api\\