
All private tokens are leaked to an unauthenticated attacker - ryanlol
https://hackerone.com/reports/268794
======
zeveb
Ouch, that's really, _really_ not good.

------
QUFB
And the reward is some Gitlab swag?

~~~
sytse
Swag and a followup call to receive thanks from our director of Security and
me. We're working on offering monetary bounties on HackerOne in the future.

