According to the latest security announcement, GitLab is vulnerable to attack via Banzai Pipelines. How can I tell if this is a feature that’s enabled on my instance, or are all self-managed GitLab deployments affected prior to upgrading to the newest release?
Steps to reproduce
I looked around, and couldn’t find much info about how Banzai Pipelines are integrated with GitLab. I did find the commit that patches the issue, but it’s not clear whether the Banzai feature is applicable to all installations:
I also looked at the features.yml file, which has no references to “Banzai”:
I needed to research this myself, looking at the development guides and source code search results - Banzai is a library for parsing/processing Markdown files and uses pipelines to do so (this is different to CI/CD pipelines).
It is not a feature that you can enable/disable, so I’d recommend upgrading to fix the vulnerability when you are using the wiki.