
    6 vulnerabilities found for product “runner” by vendor “gitlab”

    CVE-2022-2251 (GCVE-0-2022-2251)

    Vulnerability from nvd – Published: 2023-01-17 00:00 – Updated: 2025-04-08 18:20
    Summary
    Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Improper neutralization of special elements used in an os command ('os command injection') in GitLab Runner
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    GitLab GitLab Runner Affected: <15.3.5
    Affected: >=15.4, <15.4.4
    Affected: >=15.5, <15.5.2
    Credits
    Thanks [stanlyoncm](https://hackerone.com/stanlyoncm) for reporting this vulnerability through our HackerOne bug bounty program

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:32:09.572Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/1063511"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2251.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2251",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T18:20:33.707879Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T18:20:55.756Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GitLab Runner",
              "vendor": "GitLab",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c15.3.5"
                },
                {
                  "status": "affected",
                  "version": "\u003e=15.4, \u003c15.4.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e=15.5, \u003c15.5.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks [stanlyoncm](https://hackerone.com/stanlyoncm) for reporting this vulnerability through our HackerOne bug bounty program"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in GitLab Runner",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-17T00:00:00.000Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386"
            },
            {
              "url": "https://hackerone.com/reports/1063511"
            },
            {
              "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2251.json"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2022-2251",
        "datePublished": "2023-01-17T00:00:00.000Z",
        "dateReserved": "2022-06-29T00:00:00.000Z",
        "dateUpdated": "2025-04-08T18:20:55.756Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-13327 (GCVE-0-2020-13327)

    Vulnerability from nvd – Published: 2020-10-22 20:05 – Updated: 2024-08-04 12:18
    Summary
    An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, and all versions starting from 13.2.0 before 13.2.10: insecure runner configuration in Kubernetes environments.
    CWE
    • Configuration in GitLab Runner
    Assigner
    References
    Impacted products
    Vendor Product Version
    GitLab GitLab Runner Affected: >=13.4.0, <13.4.2
    Affected: >=13.3.0, <13.3.7
    Affected: >=13.2.0, <13.2.10
    Credits
    This vulnerability has been discovered internally by the GitLab team

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:18:17.093Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GitLab Runner",
              "vendor": "GitLab",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e=13.4.0, \u003c13.4.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e=13.3.0, \u003c13.3.7"
                },
                {
                  "status": "affected",
                  "version": "\u003e=13.2.0, \u003c13.2.10"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This vulnerability has been discovered internally by the GitLab team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Configuration in GitLab Runner",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-22T20:05:58.000Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@gitlab.com",
              "ID": "CVE-2020-13327",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GitLab Runner",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003e=13.4.0, \u003c13.4.2"
                              },
                              {
                                "version_value": "\u003e=13.3.0, \u003c13.3.7"
                              },
                              {
                                "version_value": "\u003e=13.2.0, \u003c13.2.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GitLab"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "This vulnerability has been discovered internally by the GitLab team"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Configuration in GitLab Runner"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833",
                  "refsource": "MISC",
                  "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833"
                },
                {
                  "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json",
                  "refsource": "CONFIRM",
                  "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2020-13327",
        "datePublished": "2020-10-22T20:05:58.000Z",
        "dateReserved": "2020-05-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:18:17.093Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-13295 (GCVE-0-2020-13295)

    Vulnerability from nvd – Published: 2020-08-10 13:32 – Updated: 2024-08-04 12:11
    Summary
    For GitLab Runner before 13.0.12, 13.1.6, and 13.2.3, replacing dockerd with a malicious server makes the Shared Runner susceptible to SSRF.
    CWE
    • Server-side request forgery (ssrf) in GitLab Runner
    Assigner
    Impacted products
    Vendor Product Version
    GitLab GitLab Runner Affected: >=1.0, <13.0.12
    Affected: >=13.1, <13.1.6
    Affected: >=13.2, <13.2.3
    Credits
    Thanks [@lucash-dev](https://hackerone.com/lucash-dev) for reporting this vulnerability through our HackerOne bug bounty program

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:11:19.550Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/209096"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/809248"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GitLab Runner",
              "vendor": "GitLab",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e=1.0, \u003c13.0.12"
                },
                {
                  "status": "affected",
                  "version": "\u003e=13.1, \u003c13.1.6"
                },
                {
                  "status": "affected",
                  "version": "\u003e=13.2, \u003c13.2.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks [@lucash-dev](https://hackerone.com/lucash-dev) for reporting this vulnerability through our HackerOne bug bounty program"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Server-side request forgery (ssrf) in GitLab Runner",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-10T13:32:12.000Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/209096"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/809248"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@gitlab.com",
              "ID": "CVE-2020-13295",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GitLab Runner",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003e=1.0, \u003c13.0.12"
                              },
                              {
                                "version_value": "\u003e=13.1, \u003c13.1.6"
                              },
                              {
                                "version_value": "\u003e=13.2, \u003c13.2.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GitLab"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks [@lucash-dev](https://hackerone.com/lucash-dev) for reporting this vulnerability through our HackerOne bug bounty program"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Server-side request forgery (ssrf) in GitLab Runner"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/209096",
                  "refsource": "MISC",
                  "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/209096"
                },
                {
                  "name": "https://hackerone.com/reports/809248",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/809248"
                },
                {
                  "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json",
                  "refsource": "CONFIRM",
                  "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2020-13295",
        "datePublished": "2020-08-10T13:32:12.000Z",
        "dateReserved": "2020-05-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:11:19.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2251 (GCVE-0-2022-2251)

    Vulnerability from cvelistv5 – Published: 2023-01-17 00:00 – Updated: 2025-04-08 18:20
    Summary
    Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Improper neutralization of special elements used in an os command ('os command injection') in GitLab Runner
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    GitLab GitLab Runner Affected: <15.3.5
    Affected: >=15.4, <15.4.4
    Affected: >=15.5, <15.5.2
    Credits
    Thanks [stanlyoncm](https://hackerone.com/stanlyoncm) for reporting this vulnerability through our HackerOne bug bounty program

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:32:09.572Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/1063511"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2251.json"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2251",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-08T18:20:33.707879Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-08T18:20:55.756Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GitLab Runner",
              "vendor": "GitLab",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c15.3.5"
                },
                {
                  "status": "affected",
                  "version": "\u003e=15.4, \u003c15.4.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e=15.5, \u003c15.5.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks [stanlyoncm](https://hackerone.com/stanlyoncm) for reporting this vulnerability through our HackerOne bug bounty program"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in GitLab Runner",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-17T00:00:00.000Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386"
            },
            {
              "url": "https://hackerone.com/reports/1063511"
            },
            {
              "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2251.json"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2022-2251",
        "datePublished": "2023-01-17T00:00:00.000Z",
        "dateReserved": "2022-06-29T00:00:00.000Z",
        "dateUpdated": "2025-04-08T18:20:55.756Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-13327 (GCVE-0-2020-13327)

    Vulnerability from cvelistv5 – Published: 2020-10-22 20:05 – Updated: 2024-08-04 12:18
    Summary
    An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, and all versions starting from 13.2.0 before 13.2.10: insecure runner configuration in Kubernetes environments.
    CWE
    • Configuration in GitLab Runner
    Assigner
    References
    Impacted products
    Vendor Product Version
    GitLab GitLab Runner Affected: >=13.4.0, <13.4.2
    Affected: >=13.3.0, <13.3.7
    Affected: >=13.2.0, <13.2.10
    Credits
    This vulnerability has been discovered internally by the GitLab team

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:18:17.093Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GitLab Runner",
              "vendor": "GitLab",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e=13.4.0, \u003c13.4.2"
                },
                {
                  "status": "affected",
                  "version": "\u003e=13.3.0, \u003c13.3.7"
                },
                {
                  "status": "affected",
                  "version": "\u003e=13.2.0, \u003c13.2.10"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This vulnerability has been discovered internally by the GitLab team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Configuration in GitLab Runner",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-22T20:05:58.000Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@gitlab.com",
              "ID": "CVE-2020-13327",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GitLab Runner",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003e=13.4.0, \u003c13.4.2"
                              },
                              {
                                "version_value": "\u003e=13.3.0, \u003c13.3.7"
                              },
                              {
                                "version_value": "\u003e=13.2.0, \u003c13.2.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GitLab"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "This vulnerability has been discovered internally by the GitLab team"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Configuration in GitLab Runner"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833",
                  "refsource": "MISC",
                  "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833"
                },
                {
                  "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json",
                  "refsource": "CONFIRM",
                  "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2020-13327",
        "datePublished": "2020-10-22T20:05:58.000Z",
        "dateReserved": "2020-05-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:18:17.093Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-13295 (GCVE-0-2020-13295)

    Vulnerability from cvelistv5 – Published: 2020-08-10 13:32 – Updated: 2024-08-04 12:11
    Summary
    For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF.
    CWE
    • Server-side request forgery (ssrf) in GitLab Runner
    Assigner
    Impacted products
    Vendor Product Version
    GitLab GitLab Runner Affected: >=1.0, <13.0.12
    Affected: >=13.1, <13.1.6
    Affected: >=13.2, <13.2.3
    Credits
    Thanks [@lucash-dev](https://hackerone.com/lucash-dev) for reporting this vulnerability through our HackerOne bug bounty program

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:11:19.550Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/209096"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/809248"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GitLab Runner",
              "vendor": "GitLab",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e=1.0, \u003c13.0.12"
                },
                {
                  "status": "affected",
                  "version": "\u003e=13.1, \u003c13.1.6"
                },
                {
                  "status": "affected",
                  "version": "\u003e=13.2, \u003c13.2.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks [@lucash-dev](https://hackerone.com/lucash-dev) for reporting this vulnerability through our HackerOne bug bounty program"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Server-side request forgery (ssrf) in GitLab Runner",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-10T13:32:12.000Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/209096"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/809248"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@gitlab.com",
              "ID": "CVE-2020-13295",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GitLab Runner",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003e=1.0, \u003c13.0.12"
                              },
                              {
                                "version_value": "\u003e=13.1, \u003c13.1.6"
                              },
                              {
                                "version_value": "\u003e=13.2, \u003c13.2.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GitLab"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks [@lucash-dev](https://hackerone.com/lucash-dev) for reporting this vulnerability through our HackerOne bug bounty program"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Server-side request forgery (ssrf) in GitLab Runner"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/209096",
                  "refsource": "MISC",
                  "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/209096"
                },
                {
                  "name": "https://hackerone.com/reports/809248",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/809248"
                },
                {
                  "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json",
                  "refsource": "CONFIRM",
                  "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2020-13295",
        "datePublished": "2020-08-10T13:32:12.000Z",
        "dateReserved": "2020-05-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T12:11:19.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }