GitLab has fixed a critical vulnerability (CVE-2023-5009) in the Enterprise Edition (EE) and Community Edition (CE) of its widely used DevOps platform. The flaw may allow a threat actor to abuse scan execution policies to run pipelines as another user.

About the vulnerability (CVE-2023-5009)

CVE-2023-5009 – discovered by software developer and bug hunter Johan Carlsson (joaxcar) in GitLab EE – affects all versions starting from 13.12 before 16.2.7 and all versions starting from 16.3 before …
The post GitLab fixes critical vulnerability, patch now! (CVE-2023-5009) appeared first on Help Net Security.