GitLab reports:
Improper Certificate Validation for Fortinet OTP
Denial of Service Attack on gitlab-shell
Resource exhaustion due to pending jobs
Confidential issue titles were exposed
Improper access control allowed demoted project members to access authored merge requests
Improper access control allowed unauthorized users to access analytic pages
Unauthenticated CI lint API may lead to information disclosure and SSRF
Prometheus integration in GitLab may lead to SSRF