A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Due to improper verification of permissions, an unauthorized user can access a private repository within a public project.
Credits
Thanks [ledz1996](https://hackerone.com/ledz1996) for reporting this vulnerability through our HackerOne bug bounty program
