GitLab Unauthorized Call Vulnerability (CVC-2023-5009) Notification

setembro 21, 2023

Overview Recently, NSFOCUS CERT monitored that GitLab officially issued a security notice, and fixed an unauthorized call vulnerability in GitLab Enterprise Edition (EE). The vulnerability is a bypass of CVE-2023-3932. An attacker with low privileges can abuse the scan execution policy to run pipelines without the user’s consent. Successful exploitation of this vulnerability may allow […]


Inscreva-se no Blog da NSFOCUS