GitLab Warns of Arbitrary Branch Pipeline Execution Flaws
Quick Report
GitLab has issued a warning regarding a flaw that allowed unauthorized users to trigger CI/CD (Continuous Integration and Deployment) pipelines on any branch of a repository, affecting both the CE (Community Edition) and EE (Enterprise Edition) versions of the GitLab platform.
The vulnerability is tracked as CVE-2024-9164, and GitLab has published a post addressing the issue. GitLab recommends that everyone apply the update ASAP.
Source(s)
- Bleeping Computer