Even if I'm not allowed to access a specific repo (or if I have low perms (can't see CI/CD vars)), I can still create one and do something like:
```yaml
variables:
  USER: gitlab

build:
  stage: build
  image: docker:latest
  script:
    - docker ps -a
    - docker images
```
Then, when I have what I need, I can:
```yaml
variables:
  USER: gitlab

build:
  stage: build
  image: docker:latest
  script:
    # <container> is a name or ID taken from the `docker ps -a` output above
    - docker exec <container> /bin/cat /var/www/html/config.php
    - docker exec <container> /usr/bin/env
```
How to avoid this kind of stuff?
PS: This is on a self hosted gitlab server.
PS2: Originally posted on Stack Overflow, but I'm asking here since I didn't get any answer.
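
One defensive check for the situation described in the question, as an added example that is not part of the original post: a job's `docker ps -a` lists host containers only when the job can reach the host's Docker daemon, so this script audits a GitLab Runner `config.toml` for the settings that allow that. The runner names and the sample config are constructed, and Python 3.11+ is assumed for `tomllib`.

```python
try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:
    import tomli as tomllib  # same API on older Pythons

# Constructed sample of a runner config.toml (not taken from the post).
SAMPLE_CONFIG = """
[[runners]]
  name = "shared-docker-sock"
  executor = "docker"
  [runners.docker]
    image = "docker:latest"
    volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]

[[runners]]
  name = "shared-privileged"
  executor = "docker"
  [runners.docker]
    privileged = true
    volumes = ["/cache"]

[[runners]]
  name = "isolated"
  executor = "docker"
  [runners.docker]
    privileged = false
    volumes = ["/cache"]
"""

def audit_runners(config_text):
    """Return {runner name: [issues]} for runners whose jobs can reach the host."""
    findings = {}
    for runner in tomllib.loads(config_text).get("runners", []):
        docker = runner.get("docker", {})
        issues = []
        if runner.get("executor") == "shell":
            issues.append("shell executor: jobs run directly on the runner host")
        if docker.get("privileged"):
            issues.append("privileged = true: job containers are not isolated from the host")
        for volume in docker.get("volumes", []):
            if "docker.sock" in volume.split(":")[0]:
                issues.append(f"host Docker socket mounted into jobs: {volume}")
        if issues:
            findings[runner.get("name", "<unnamed>")] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit_runners(SAMPLE_CONFIG).items():
        for issue in issues:
            print(f"{name}: {issue}")
```

On a Linux runner host the file to read is `/etc/gitlab-runner/config.toml` by default; any runner flagged here and available to projects the user can create gives every such project the access shown in the question.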