Can pipeline trigger tokens be used to interact with other parts of the API besides triggering pipelines

nunofrias · March 30, 2023, 10:58am

I have some concerns that a pipeline trigger token might be used to access other secure parts of the Gitlab API.

My attempts to access the secure bits of the API with the trigger token have been fortunately frustrated, but still I would like some assurances that a trigger token ONLY allows a pipeline (in the same project of the token) to be triggered.

Topic		Replies	Views
Trigger pipeline through API with my Personal Authentication Token GitLab CI/CD	1	2000	March 2, 2019
Can't start another project pipeline by its trigger How to Use GitLab api	0	646	February 27, 2020
CI_JOB_TOKEN and triggered pipeline status GitLab CI/CD api	6	3187	October 21, 2024
Is there a way to determine scope of a gitlab token via API or grapthql or other means apart from console? How to Use GitLab token	0	466	January 28, 2022
When using Pipeline Triggers and Trigger Tokens, the Pipeline impersonates Token Owner, not Trigger User GitLab CI/CD api , ci	2	2840	January 7, 2022

Can pipeline trigger tokens be used to interact with other parts of the API besides triggering pipelines

Related topics