GitLab CVE-2023-6371: How can I tell if Banzai is enabled on my GitLab instance?

Problem to solve

According to the latest security announcement, GitLab’s is vulnerable to attack via Banzai Pipelines. How can I tell if this is a feature that’s enabled on my instance, or are all self-managed GitLab deployments affected prior to upgrade to the newest release?

Steps to reproduce

I looked around, and couldn’t find much info about how Banzai Pipelines are integrated with GitLab. I did find the commit that patches the issue, but it’s not clear whether the Banzai feature is applicable to all installations:

I also looked at the features.yml file, which has no references to “Banzai”:

Any help is appreciated. Thanks! : )



  • GitLab 16.9.2

I needed to research myself, looking at the development guides and source code search results - Banzai is a library for parsing/processing Markdown files and uses pipelines do so (this is different to CI/CD pipelines).

It is not a feature that you can enable/disable, so I’d recommend upgrading to fix the vulnerability when you are using the wiki.

1 Like