"Critical GitLab Bug Lets Attackers Run Pipelines as Any User"

Certain versions of GitLab Community and Enterprise Edition products have a critical vulnerability that enables attackers to run pipelines as any user. GitLab pipelines are a feature of the Continuous Integration/Continuous Deployment (CI/CD) system that allows users to automatically run processes and tasks in parallel or sequence to build, test, or deploy code changes. The last update addressed the security issue that an attacker could use to trigger a pipeline as another user under certain conditions. This article continues to discuss findings regarding the critical GitLab bug.

BleepingComputer reports "Critical GitLab Bug Lets Attackers Run Pipelines as Any User"

Submitted by grigby1

Submitted by Gregory Rigby on