BIT-GITLAB-2023-5207 Execution with Unnecessary Privileges in GitLab

A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user...

Arbitrary Code Execution

gitlab:sid is vulnerable to Remote code execution. The vulnerability due to perform arbitrary pipeline execution under the context of another user. It allow an attacker execute the other user context with malicious code...

GitLab 16.0.0 < 16.2.8 / 16.3 < 16.3.5 / 16.4 < 16.4.1 (CVE-2023-5207)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitra...