GitLab Releases Critical Patch to Address Pipeline Execution Vulnerability

Threat Level
Vulnerability Report

Summary

CVE-2023-5009 is a critical security vulnerability that affects all versions of GitLab Enterprise Edition (EE). It enables an attacker to execute pipelines as another user, potentially leading to unauthorized access to and misuse of the GitLab environment. The vulnerability is a bypass of CVE-2023-3932.
