An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed that allows other maintainers to be able to view the credentials in plain-text,
Credits
Thanks [jlneel](https://hackerone.com/jlneel) for reporting this vulnerability through our HackerOne bug bounty program
