GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions.

it is known that perpetrators could weaponize it to execute a new pipeline under the guise of any user. GitLab pipelines are integral to the automation of software development, including building, ...

GitLab has released ... a critical arbitrary branch pipeline execution flaw. The vulnerability, which is tracked as CVE-2024-9164, allows unauthorized users to trigger Continuous Integration ...

GitLab issues an advisory for a critical-severity vulnerability that allows an attacker to trigger a pipeline as another user. DevOps platform GitLab has pushed out security updates that address six ...

GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration ...

delivering a more secure way to configure parent/child pipelines and optimize pipeline execution. GitLab Query Language enables users to find, filter, and embed content from anywhere in the GitLab ...

The original vulnerability, CVE-2023-3932, was reported via GitLab’s HackerOne bug bounty program by a researcher who explained that the attacker could trigger the issue via the scan execution policy.