The remote Debian host is missing a security-related update.
Several vulnerabilities have been discovered in Gitlab, a software platform to collaborate on code : - CVE-2017-0920 It was discovered that missing validation of merge requests allowed users to see names to private projects, resulting in information disclosure. - CVE-2018-8971 It was discovered that the Auth0 integration was implemented incorrectly.
Upgrade the gitlab packages. For the stable distribution (stretch), these problems have been fixed in version 8.13.11+dfsg1-8+deb9u2. The fix for CVE-2018-8971 also requires ruby-omniauth-auth0 to be upgraded to version 2.0.0-0+deb9u1.