GitLab: Critical bug lets attackers run pipelines as other users (Security News, July 2024)
GitLab warned today that a critical vulnerability in its GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user.
Under certain circumstances that GitLab has yet to disclose, attackers can exploit it to trigger a new pipeline as an arbitrary user.
GitLab pipelines are a Continuous Integration/Continuous Deployment system feature that lets users automatically run processes and tasks in parallel or sequentially to build, test, or deploy code changes.
GitLab patched an almost identical vulnerability in late June, which could also be exploited to run pipelines as other users.
Attackers target GitLab because it hosts various types of sensitive corporate data, including API keys and proprietary code, so a breach can have a significant security impact.