GitLab: Critical bug lets attackers run pipelines as other users
2024-07-10 20:08

GitLab warned today that a critical vulnerability in its GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user.

Under certain circumstances that GitLab has yet to disclose, attackers can exploit it to trigger a new pipeline as an arbitrary user.

GitLab pipelines are a feature of the Continuous Integration/Continuous Deployment (CI/CD) system that lets users automatically run processes and tasks, in parallel or sequentially, to build, test, or deploy code changes.

GitLab patched an almost identical vulnerability in late June, which could also be exploited to run pipelines as other users.

Attackers target GitLab because it hosts various types of sensitive corporate data, including API keys and proprietary code, leading to significant security impact following a breach.


News URL

https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-bug-that-lets-attackers-run-pipelines-as-an-arbitrary-user/