[GitLab] Able to view hackerone reports attachments

We discussed this vulnerability during Episode 151 on 19 September 2022

Fairly simple vulnerability where GitLab had an internal endpoint for their own tracking of H1 reports on h1.sec.gitlab.net. The researcher found one of these links and discovered the /a path which would dump all attachments keys, which you could use to re-construct the urls to download attachments.