GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet.
{ "severity": "Medium", "cpes": [ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*" ] }