Security News > 2024 > June > Critical GitLab bug lets attackers run pipelines as any user
A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines as any user.
GitLab pipelines are a feature of the Continuous Integration/Continuous Deployment system that enables users to automatically run processes and tasks, either in parallel or in sequence, to build, test, or deploy code changes.
The vulnerability impacts all GitLab CE/EE versions from 15.8 through 16.11.4, 17.0.0 to 17.0.2, and 17.1.0 to 17.1.0.
"We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible" - GitLab.
GitLab has addressed the vulnerability by releasing versions 17.1.1, 17.0.3, and 16.11.5, and recommends users to apply the updates as soon as possible.
Resources for GitLab updates are available here, while GitLab Runner guidelines can be found on this page.