GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10978
Reference (s):
- https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
- https://about.gitlab.com/releases/categories/releases/