Insufficient PBAC
This risk arises when individual steps in a CI/CD pipeline lack granular Pipeline-Based Access Controls (PBAC), or when access checks are not enforced consistently between stages. Without strict step-level isolation, an adversary can exploit race conditions (e.g., Time-of-Check to Time-of-Use / TOCTOU) to modify artifacts, configuration files, or credentials in the gap between validation and execution. This allows unauthorised escalation of privileges within the pipeline, bypassing the intended security boundaries and compromising downstream deployments.
Remediation
- Apply least-privilege principles to each pipeline stage — ensure build, test, and deploy steps run with only the minimum rights they need.
- Enforce step-level permissions using the CI/CD platform’s access control features (e.g., GitHub Actions `permissions:` block, GitLab job-level `rules`, Jenkins RBAC plugins).
- Use atomic operations wherever possible to eliminate race conditions (e.g., verify and immediately use artifacts without storing them in mutable shared locations).
- Prevent shared mutable state between pipeline jobs; rely on immutable artifacts and isolated workspaces to avoid TOCTOU manipulation.
- Continuously monitor pipeline execution for anomalies such as unexpected changes in artifacts, credentials, or job definitions between stages.
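The verify-then-use gap that the atomic-operation and shared-state items above describe, as an added Python example (not part of this page): a check-then-reopen pattern that a concurrent job can race against, beside a read-once pattern that verifies the bytes it actually uses. The artifact bytes, the pinned digest and the `between` hook standing in for the concurrent job are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

# Constructed sample artifact and the digest an earlier stage would have pinned
# for it; neither comes from a real pipeline.
ARTIFACT = b"#!/bin/sh\necho deploying release 1.2.3\n"
REPLACED = b"#!/bin/sh\necho content swapped by another job\n"
PINNED_SHA256 = hashlib.sha256(ARTIFACT).hexdigest()

def check_then_use(path: str, pinned: str, between=None) -> bytes:
    # TOCTOU-prone: validate the file at a shared path, then re-open that path
    # to use it. `between` stands in for another job writing in the gap.
    with open(path, "rb") as f:
        if hashlib.sha256(f.read()).hexdigest() != pinned:
            raise ValueError("digest mismatch at check time")
    if between:
        between()  # the race window on the shared mutable location
    with open(path, "rb") as f:
        return f.read()  # may not be the bytes that were just validated

def load_verified(path: str, pinned: str, between=None) -> bytes:
    # Atomic verify-and-use: read once, verify the bytes in hand and return
    # exactly those bytes; later writes to the path cannot change what is used.
    with open(path, "rb") as f:
        data = f.read()
    if between:
        between()  # same concurrent writer, now without effect
    if hashlib.sha256(data).hexdigest() != pinned:
        raise ValueError("digest mismatch")
    return data

def demo() -> dict:
    # Run both patterns against the same simulated race and report whether the
    # bytes actually consumed are the bytes that passed validation.
    results = {}
    with tempfile.TemporaryDirectory() as workspace:
        path = os.path.join(workspace, "release.sh")
        def write(data: bytes) -> None:
            with open(path, "wb") as f:
                f.write(data)
        write(ARTIFACT)
        used = check_then_use(path, PINNED_SHA256, lambda: write(REPLACED))
        results["unsafe_used_validated_bytes"] = used == ARTIFACT
        write(ARTIFACT)
        used = load_verified(path, PINNED_SHA256, lambda: write(REPLACED))
        results["safe_used_validated_bytes"] = used == ARTIFACT
    return results
```

The hook makes the race deterministic; in a real pipeline the same window opens whenever a validated artifact is left in a workspace or cache that another job can write to before the consuming step runs.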
Metadata
- Severity: high
- Slug: insufficient-pbac
CWEs
- 367: Time-of-check Time-of-use (TOCTOU) Race Condition
OWASP
- CICD-SEC-5: Insufficient PBAC