gitlab ci (self hosted), docker, access to other containers


Even if i’m not allowed to access a specific repo (or if i have low perms (cant see ci/cd vars)) i still can create one and do something like:

variables:   USER: gitlab build:   stage: build   image: docker:latest   script:     - docker ps -a     - docker images 

Then when i have what i need, i can:

variables:   USER: gitlab build:   stage: build   image: docker:latest     - docker exec <container> /bin/cat /var/www/html/config.php     - docker exec <container> /usr/bin/env 

How to avoid this kind of stuff?

PS: This is on a self hosted gitlab server.

PS2: Originaly post on stackoverflow, but im asking here since i didnt have any answer.