GitLab: Confidential issues leaked in public projects when attached to milestone
Vulnerability details When a confidential issue in a public or internal project is attached to a milestone, it is exposed through the GitLab API. Proof of concept As a victim, create a new public or internal project. Lets state that the project has ID 1. Create a milestone for this project. After...