GitLab: Privilege escalation to access all private groups and repositories

Vulnerability details There is an insecure direct object reference IDOR issue in the group sharing feature for a project. This allows an attacker to get access to the names of private repositories of a group, issues, milestones, and the group its team members. Proof of concept First, lets set up...