GitLab Unauthorized Call Vulnerability (CVE-2023-5009) Notification
September 21, 2023
Overview

Recently, NSFOCUS CERT observed that GitLab had issued a security notice fixing an unauthorized call vulnerability in GitLab Enterprise Edition (EE). The vulnerability is a bypass of CVE-2023-3932. An attacker with low privileges can abuse the scan execution policy to run pipelines without the user’s consent. Successful exploitation of this vulnerability may allow […]