I am trying to find a resolution for issue 62174. I saw this posted on HackerOne and want to know if there is a fix in a release for this. The following is the post from HackerOne:
Nice finding, thank you for submitting this report!
We have verified this finding and have escalated to our engineering team. We will be tracking progress internally at https://gitlab.com/gitlab-org/gitlab-ce/issues/62174. This issue will be made public 30 days following the release of a patch.
We will continue to update you via HackerOne as a patch is scheduled for release.
Security Team | GitLab Inc.