It’s that time of the month when GitLab cranks out its usual slew of security fixes, but this time your API access token is at risk, so don’t wait too long to update. Among the vulnerabilities mitigated in versions 13.7.2, 13.6.4, and 13.5.6 is a high severity issue that can be used to “steal a user’s API access token through GitLab Pages”. The problem is caused by insufficient validation of authentication parameters in GitLab Pages, and affects all versions starting from GitLab 11.5.
Read more about the security updates released by GitLab to keep your access tokens safe on DevClass.
For more see : GitLab.