An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled.
[
{
"product": "GitLab",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.3.3"
}
]
}
]