Insufficient validation of authentication parameters in GitLab Page for GitLab versions 11.5 onwards gives potential attackers the ability to steal a user’s API access token through GitLab Pages.

By admin