gitlab is vulnerable to Cross-Site Leak. The vulnerability exists in the OAuth flow, allowing an attacker to leak an OAuth access token by getting the victim to visit a malicious page with SafariRead More