Internal Note Leak From Gitlab Duo When Reviewing a Merge Request

⚠️ Please read the process on how to fix security issues before starting to work on the issue. Vulnerabilities must be fixed in a security mirror.

HackerOne report #3149956 by rogerace on 2025-05-16, assigned to @katwu:

Report | Attachments | How To Reproduce

Report

Summary

Hope this report finds you well!

I am actually not sure whether this is a problem of Gitlab or of a "careless" Gitlab user.

When a user uses GitlabDuo to review a merge request, I found that GitlabDuo would sometimes also summarize internal notes. This can happen when the internal note is important, like "This merge request is very dangerous! Block it!", or if you explicitly ask GitlabDuo, like "review this merge request and summarize the comments".

However, in a public project, using this feature would mean outsiders would see the internal notes summarized, which often contain sensitive information.

This vulnerability is different from common attack vectors because there are no active "attackers" here. By using GitlabDuo normally, a user may just accidentally leak internal notes without any interference from any attacker. I thought it might be warned about by Gitlab, but looking at https://docs.gitlab.com/user/project/merge_requests/duo_in_merge_requests/, I also see nothing about this problem.

Therefore, I decided to report it here, since the Gitlab user is just using GitlabDuo normally by following the docs.

Steps to reproduce
  1. Create a public group, and make sure it is Ultimate/Ultimate trial.
  2. In https://gitlab.com/groups/YOUR_GROUP_NAME/-/settings/gitlab_duo/configuration, turn on experiment and beta GitLab Duo features.
  3. Create a PUBLIC project.
  4. Create a new branch from the home page.

(screenshot: image.png)

  5. In the new branch, create a new file and commit it. Then create a merge request from this new branch to the main branch by clicking on the "create merge request" button.
  6. In the merge request, add an internal comment like "This is a malicious merge request. Block it!"
  7. Then post a comment like "[@]GitlabDuo review it".
  8. You should see that your internal note got summarized. If you visit this merge request in an incognito browser, you will see that your internal note got leaked.
PoC

leak_internal_note.webm

Impact

C (Confidentiality): Low, as it leaks internal notes.
PR (Privileges Required): None for a public group.

Attachments

Warning: Attachments received through HackerOne, please exercise caution!

How To Reproduce

Please add reproducibility information to this section:
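The reporter's steps are driven through the UI. As an added example, not part of the report and not GitLab's own tooling, the script below checks one merge request through the GitLab REST API: it fetches the merge request's notes twice, once with a member token (which includes notes flagged internal) and once anonymously (which on a public project is exactly what an outsider sees), then flags every internal note whose wording reappears in a note the anonymous view returns. Project ID, MR IID and token are taken from the command line and the GITLAB_TOKEN environment variable; the sample notes embedded in the file are constructed in the shape of the Notes API response and were not captured from a real project.

```python
"""Audit a merge request for internal-note text visible to anonymous users.

Added example; assumes the GitLab v4 Notes API
(GET /projects/:id/merge_requests/:iid/notes) and a member token in
GITLAB_TOKEN. Sample data below is constructed, not captured.
"""
import json
import os
import re
import sys
import urllib.request

GITLAB_URL = os.environ.get("GITLAB_URL", "https://gitlab.com")


def fetch_mr_notes(project_id, mr_iid, token=None):
    """Page through the Notes API for one merge request.

    Without a token this is the anonymous view; with a member's token the
    response also contains notes whose "internal" field is true.
    """
    notes, page = [], 1
    while True:
        url = (f"{GITLAB_URL}/api/v4/projects/{project_id}/merge_requests/"
               f"{mr_iid}/notes?per_page=100&page={page}")
        req = urllib.request.Request(url)
        if token:
            req.add_header("PRIVATE-TOKEN", token)
        with urllib.request.urlopen(req) as resp:
            batch = json.load(resp)
        if not batch:
            return notes
        notes.extend(batch)
        page += 1


def _words(text):
    # Lower-case, drop punctuation and collapse whitespace so a quotation
    # still matches after light reformatting by the summariser.
    return re.sub(r"[^\w\s]", " ", text.lower()).split()


def _shingles(text, n):
    words = _words(text)
    return {" ".join(words[i:i + n]) for i in range(len(words) - n + 1)}


def find_leaks(member_notes, anonymous_notes, n=5):
    """Return (internal_note_id, public_note_id) pairs.

    A pair is reported when n consecutive words of an internal note occur
    verbatim in a note that the anonymous view returned. A public_note_id
    equal to the internal note's own id means the internal note itself was
    served anonymously, i.e. an authorisation failure rather than the
    summarisation leak the report describes.
    """
    leaks = []
    for inote in (x for x in member_notes if x.get("internal")):
        grams = _shingles(inote["body"], n)
        for pnote in anonymous_notes:
            if pnote["id"] == inote["id"]:
                leaks.append((inote["id"], pnote["id"]))
            elif not pnote.get("system") and grams & _shingles(pnote["body"], n):
                leaks.append((inote["id"], pnote["id"]))
    return leaks


# Constructed sample in the shape the Notes API returns, trimmed to the
# fields used here. Note 103 stands in for a Duo review that quotes the
# internal note; it is a normal public note, which is the whole problem.
SAMPLE_MEMBER_VIEW = [
    {"id": 101, "internal": True, "system": False,
     "author": {"username": "maintainer"},
     "body": "This is a malicious merge request. Block it!"},
    {"id": 102, "internal": False, "system": False,
     "author": {"username": "maintainer"},
     "body": "@GitLabDuo review it"},
    {"id": 103, "internal": False, "system": False,
     "author": {"username": "GitLabDuo"},
     "body": ("Review summary: a maintainer commented that this is a "
              "malicious merge request. Block it! The diff adds one file.")},
]
# An anonymous client never receives internal notes, so the outsider's
# view is the member's view minus those.
SAMPLE_ANONYMOUS_VIEW = [x for x in SAMPLE_MEMBER_VIEW if not x["internal"]]


def main(argv):
    if len(argv) != 3:
        print(f"usage: {argv[0]} PROJECT_ID MR_IID   (GITLAB_TOKEN in env)")
        return 2
    project_id, mr_iid = argv[1], argv[2]
    member = fetch_mr_notes(project_id, mr_iid, os.environ["GITLAB_TOKEN"])
    anonymous = fetch_mr_notes(project_id, mr_iid)
    leaks = find_leaks(member, anonymous)
    for internal_id, public_id in leaks:
        print(f"internal note {internal_id} wording visible in public note {public_id}")
    return 1 if leaks else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The match is verbatim on five-word runs, so it catches a Duo summary that quotes the internal note (as in the report's "Block it!" example) but not a paraphrase; for a public project the anonymous fetch should still be read by hand. A hit where the public note id equals the internal note id is a different bug from the one reported here and would deserve its own issue.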