Security

GitLab addressed critical vulnerability CVE-2023-5009

GitLab rolled out security patches to address a critical vulnerability, tracked as CVE-2023-5009, that can be exploited to run pipelines as another user.

GitLab has released security patches to address a critical vulnerability, tracked as CVE-2023-5009 (CVSS score: 9.6), that allows an attacker to run pipelines as another user.

The issue resides in GitLab EE and affects all versions starting from 13.12 and prior to 16.2.7, all versions starting from 16.3 before 16.3.4.

“An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932] showing additional impact.” reads the advisory.

An attacker can exploit this vulnerability to access sensitive information or use the elevated permissions of the impersonated user to access or modify source code, or run arbitrary code on the system.

The company addressed the vulnerability with the release of 16.3.4 for Community Edition and 16.2.7 for Enterprise Edition.

The vulnerability was reported by the security researcher Johan Carlsson (aka joaxcar) through the GitLab HackerOne bug bounty program.

Carlsson explained that it took about two years and more than 100 written reports before its submission was accepted.

To reduce the risk of exploiting the vulnerability, researchers advise users who operate a GitLab instance with a version earlier than 16.2 to refrain from enabling both the ‘Direct Transfers’ and ‘Security Policies’ features concurrently.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, GitLab)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild

Attackers are exploiting the critical Adobe ColdFusion flaw CVE-2026-48282, which allows remote code execution on…

7 hours ago

Hidden Web Prompts Trick AI Agents Into Sending Money

Hidden prompts on malicious websites trick AI agents into making payments or trusting fake sites,…

14 hours ago

Seven Bugs in FatFs Put IoT and Embedded Devices at Risk

runZero found 7 flaws in FatFs, a filesystem used in IoT and embedded devices. Bugs…

17 hours ago

Bad Epoll Flaw Gives Attackers Root Access on Linux and Android

Bad Epoll (CVE-2026-46242) lets local attackers gain root on Linux and Android. The flaw was…

19 hours ago

Medtronic Notifies 3.8 Million After ShinyHunters Data Breach

Medtronic says a ShinyHunters attack exposed the personal and medical data of over 3.8 million…

1 day ago

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104

Security Affairs Malware newsletter includes a collection of the best articles and research on malware…

1 day ago

This website uses cookies.