| Name |
Last commit
|
Last update |
|---|---|---|
| .. | ||
| user | ||
| issues.json | ||
| merge_requests.json |
BigW Consortium Gitlab
- To prevent an attacker from enumerating the `/users` API to get a list of all the admins. - Display the `is_admin?` flag wherever we display the `private_token` - at the moment, there are two instances: - When an admin uses `sudo` to view the `/user` endpoint - When logging in using the `/session` endpoint
| Name |
Last commit
|
Last update |
|---|---|---|
| .. | ||
| user | Loading commit data... | |
| issues.json | Loading commit data... | |
| merge_requests.json | Loading commit data... |