GitLab Code Execution Vulnerability (CVS 2023-2478)
![](https://nsfocusglobal.com/wp-content/uploads/2020/01/0124-2.jpg)
May 9, 2023
Overview Recently, NSFOCUS CERT monitored that GitLab officially issued a security notice, and fixed a code execution vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE) (CVE-2023-2478). Remote attackers with low privileges can add malicious Runners to any project of the instance through GraphQL endpoints, further exploiting the ability to execute arbitrary code or […]