GitLab could allow a remote attacker to obtain sensitive information, caused by an improper authorization issue. An attacker could exploit this vulnerability to extract the value of known variables in public projects or private projects with membership.
GitLab could allow a remote attacker to obtain sensitive information, caused by improper IP-based access restrictions. A remote attacker with access tokens could exploit this vulnerability to obtain CI variables in a group from outside the allowed IP range.
Refer to GitLab Website for patch, upgrade, or suggested workaround information.