Overview Recently, NSFOCUS CERT monitored that GitLab officially issued a security notice, and fixed an unauthorized call vulnerability in GitLab Enterprise Edition (EE). The vulnerability is a bypass of CVE-2023-3932. An attacker with low privileges can abuse the scan execution policy to run pipelines without the user's consent. Successful exploitation...
