During a black-box engagement you identify a publicly accessible GitLab endpoint at /api/v4/projects/42/trigger/pipeline. Examining the project's repository, you notice that a pipeline trigger token has been accidentally hard-coded in a .gitlab-ci.yml include file. Supplying this leaked value in the X-Gitlab-Token header lets you invoke the endpoint and define arbitrary CI jobs. Which high-impact attack becomes feasible against the organization's infrastructure if one of their shared runners is misconfigured in privileged mode?
Force an open redirect to harvest developer credentials during the GitLab login flow.
Exploit blind SQL injection in the token parameter to exfiltrate the GitLab database.
Perform directory traversal through the endpoint to read files such as /etc/passwd.
Launch an unauthorized pipeline that executes arbitrary shell commands, achieving remote code execution on the CI runner.
Because the attacker has obtained a legitimate pipeline trigger token, they can craft and launch a malicious pipeline that contains arbitrary shell commands. If a shared GitLab runner is mistakenly configured to run in privileged or root context, those commands execute on the runner's host, granting the attacker remote code execution and a foothold for further lateral movement. The other options are not realistic: the endpoint does not build SQL queries (ruling out SQL injection), it does not perform redirects, and directory traversal requires a different class of vulnerability.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a pipeline trigger token in GitLab?
Open an interactive chat with Bash
What does 'privileged mode' mean for GitLab runners?
Open an interactive chat with Bash
How does remote code execution (RCE) work in this scenario?
Open an interactive chat with Bash
What is a GitLab CI runner?
Open an interactive chat with Bash
How does a pipeline trigger token work in GitLab?
Open an interactive chat with Bash
What are the risks of privileged mode on CI runners?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Web Application Hacking
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .