Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account
Credits
Thanks @jimeno for reporting this vulnerability through our HackerOne bug bounty program
