Private/internal repository enumeration via bruteforce on a vulnerable URL See merge request gitlab/gitlabhq!3456