CVE-2023-2478

GitLab Code Execution Vulnerability (CVE-2023-2478)

May 9, 2023

Overview

NSFOCUS CERT recently observed that GitLab issued a security notice fixing a code execution vulnerability (CVE-2023-2478) in GitLab Community Edition (CE) and Enterprise Edition (EE). Remote attackers with low privileges can add malicious Runners to any project of the instance through GraphQL endpoints, and then exploit this to execute arbitrary code or […]


