An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the merge request JSON endpoint.
https://gitlab.com/gitlab-org/gitlab-ce/issues/51956
https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/