The Legit research team unearthed vulnerabilities in GitLab Duo.