GitLab Releases Critical Patch to Address Pipeline Execution Vulnerability
Threat Level
Vulnerability Report
Summary
The critical security vulnerability CVE-2023-5009 affects all versions of GitLab Enterprise Edition (EE). It enables an attacker to execute pipelines as another user, potentially leading to unauthorized access and misuse of the GitLab environment. CVE-2023-5009 is a bypass of CVE-2023-3932.