GitLab Users Advised to Update Against Critical Flaw Immediately

Published: 23/11/2024   Category: security




The bug has a CVSS score of 9.6 and allows unauthorized users to compromise private repositories.



GitLab users need to update their servers urgently to protect against a new critical flaw that could allow threat actors to run pipelines as other users and compromise private repositories.
The flaw, CVE-2023-5009, is in the scheduled security scan policies, according to GitLab, and is a bypass of another bug from July, tracked under CVE-2023-3932.
"We strongly recommend that all installations running a version affected by the issues ... are upgraded to the latest version as soon as possible," GitLab said.
Any user could potentially exploit the critical flaw by changing the policy file author with the git config command, according to Alex Ilgayev, head of security research at Cycode.
"The vulnerability is a bypass to another vulnerability reported and fixed one month ago, which allowed forging the identity of the policy file committer, hijacking the pipeline permissions, and gaining access to any users' private repositories," Ilgayev said. "While GitLab didn't release official information regarding the bypass, by inspecting the GitLab source code, the bypass seems to involve removing the bot user from the group and allowing the execution of the previous vulnerability flow again."
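Because the flaw described above turns on a forged policy-file committer identity, a defender's first question after patching is whether any commit in the security-policy project carries an identity other than the expected policy bot. The following is an added example, not code from the article, GitLab or Cycode: it parses `git log` output for the policy project and flags commits whose author is not on a trusted list or whose author and committer identities disagree. The sample log lines, the hashes, the `security-bot@example.test` identity and the `mallory` account are all constructed placeholders.

```python
from dataclasses import dataclass

# Constructed sample of `git log --format='%H%x09%an%x09%ae%x09%cn%x09%ce'`
# run inside the security-policy project. Hashes and identities are
# placeholders, not values from the article.
SAMPLE_LOG = """\
aaaa0001\tsecurity-bot\tsecurity-bot@example.test\tsecurity-bot\tsecurity-bot@example.test
aaaa0002\tsecurity-bot\tsecurity-bot@example.test\tmallory\tmallory@example.test
aaaa0003\tmallory\tmallory@example.test\tmallory\tmallory@example.test
"""

# Identities that are allowed to author policy-file commits (assumed for the example).
TRUSTED_POLICY_IDENTITIES = {"security-bot@example.test"}


@dataclass
class Commit:
    sha: str
    author_email: str
    committer_email: str


def parse_log(text: str) -> list[Commit]:
    """Parse tab-separated git log lines into Commit records."""
    commits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) != 5:
            raise ValueError(f"unexpected git log line: {line!r}")
        sha, _author_name, author_email, _committer_name, committer_email = parts
        commits.append(Commit(sha, author_email, committer_email))
    return commits


def find_suspicious(commits: list[Commit], trusted: set[str]) -> list[tuple[str, str]]:
    """Return (sha, reason) for commits whose identity does not look like the policy bot.

    Git author/committer metadata is self-asserted (that is exactly what
    `git config` changes), so a clean result is not proof of safety; a hit
    is a prompt to check the push event and the pipeline that ran.
    """
    findings = []
    for c in commits:
        if c.author_email not in trusted:
            findings.append((c.sha, "author not in trusted policy identities"))
        elif c.committer_email != c.author_email:
            findings.append((c.sha, "author/committer identity mismatch"))
    return findings


def audit_sample() -> list[tuple[str, str]]:
    """Run the check over the constructed sample log."""
    return find_suspicious(parse_log(SAMPLE_LOG), TRUSTED_POLICY_IDENTITIES)


if __name__ == "__main__":
    for sha, reason in audit_sample():
        print(f"{sha}: {reason}")
```

The check is a trip-wire for the identity-forging pattern the article describes, not a substitute for the upgrade GitLab recommends: an attacker who can set arbitrary author metadata can also set it to a trusted value, so the real signal comes from correlating these commits with who actually pushed them in GitLab's audit events.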
