MWR InfoSecurity discovered a username enumeration vulnerability in GitLab v5.0.0 to v7.5.0 which provides a Ruby on Rails web interface to manage git repositories. MWR have worked with the GitLab team to ensure that future versions of GitLab are no longer vulnerable to this issue.
more here........https://labs.mwrinfosecurity.com/blog/2015/03/20/gitlab-user-enumeration/
more here........https://labs.mwrinfosecurity.com/blog/2015/03/20/gitlab-user-enumeration/