Skip to content
Snippets Groups Projects

Return false on admin condition if an user authenticated with a job token

Merged Return false on admin condition if an user authenticated with a job token
dbiryukov_prevent_job_token_from_admin_permissions_mr-474775 into master
Merged Dmytro Biryukov requested to merge dbiryukov_prevent_job_token_from_admin_permissions_mr-474775 into master

Related to: https://gitlab.com/gitlab-org/gitlab/-/issues/474775

Rollout issue: #495627 (closed)

What does this MR do and why?

Requests authenticated using CI_JOB_TOKEN should be considered untrusted by default. If the CI_JOB_TOKEN of an instance admin is leaked it could give the attacker a catastrophic permission escalation. This could happen if we have holes in the system that would allow an attacker to do more than what's expected for a CI_JOB_TOKEN

This MR removes CI_JOB_TOKEN from the admin condition in base policy.

Edited by Dmytro Biryukov

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
Please register or sign in to reply