Vulnerabilites related to gitlab - runner
Vulnerability from fkie_nvd
Published
2020-08-10 14:15
Modified
2024-11-21 05:00
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@gitlab.com | https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json | Third Party Advisory | |
| cve@gitlab.com | https://gitlab.com/gitlab-org/gitlab/-/issues/209096 | Broken Link | |
| cve@gitlab.com | https://hackerone.com/reports/809248 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/gitlab-org/gitlab/-/issues/209096 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/809248 | Permissions Required, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gitlab:runner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E49C13E4-CB96-444A-8D35-75E6056DDF69",
"versionEndExcluding": "13.0.12",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:runner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57135B4A-EFC1-41EE-B20A-8291E6265F92",
"versionEndExcluding": "13.1.6",
"versionStartIncluding": "13.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:runner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "991182DF-8040-48DD-8434-5E08DF623465",
"versionEndExcluding": "13.2.3",
"versionStartIncluding": "13.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF."
},
{
"lang": "es",
"value": "Para GitLab Runner versiones anteriores a 13.0.12, 13.1.6, 13.2.3, al reemplazar dockerd con un servidor malicioso, Shared Runner es susceptible a un ataque de tipo CSRF"
}
],
"id": "CVE-2020-13295",
"lastModified": "2024-11-21T05:00:58.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "cve@gitlab.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-10T14:15:13.047",
"references": [
{
"source": "cve@gitlab.com",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json"
},
{
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/209096"
},
{
"source": "cve@gitlab.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/809248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/209096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/809248"
}
],
"sourceIdentifier": "cve@gitlab.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-17 21:15
Modified
2025-04-08 19:15
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@gitlab.com | https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2251.json | Vendor Advisory | |
| cve@gitlab.com | https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386 | Exploit, Issue Tracking, Vendor Advisory | |
| cve@gitlab.com | https://hackerone.com/reports/1063511 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2251.json | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hackerone.com/reports/1063511 | Permissions Required, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gitlab:runner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73A6B94A-F343-4F43-A708-7CA3CE8A5203",
"versionEndExcluding": "15.3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:runner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54F77ADD-47C6-4A4B-B442-1AE84836DF50",
"versionEndExcluding": "15.4.4",
"versionStartIncluding": "15.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:runner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE8EBC82-6C6D-4AEF-8BB0-DCE8A4EBCD7F",
"versionEndExcluding": "15.5.2",
"versionStartIncluding": "15.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user."
},
{
"lang": "es",
"value": "La desinfecci\u00f3n inadecuada de los nombres de las ramas en GitLab Runner que afecta a todas las versiones anteriores a la 15.3.5, 15.4 anterior a la 15.4.4 y 15.5 anterior a la 15.5.2 permite que un usuario cree una rama con un nombre especialmente manipulado y consiga que otro usuario active un pipeline para ejecutar comandos en el ejecutor como ese otro usuario."
}
],
"id": "CVE-2022-2251",
"lastModified": "2025-04-08T19:15:45.583",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "cve@gitlab.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-17T21:15:12.343",
"references": [
{
"source": "cve@gitlab.com",
"tags": [
"Vendor Advisory"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2251.json"
},
{
"source": "cve@gitlab.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386"
},
{
"source": "cve@gitlab.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1063511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2251.json"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1063511"
}
],
"sourceIdentifier": "cve@gitlab.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-22 21:15
Modified
2024-11-21 05:01
Severity ?
6.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@gitlab.com | https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json | Vendor Advisory | |
| cve@gitlab.com | https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833 | Broken Link, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833 | Broken Link, Issue Tracking, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gitlab:runner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8219E6B8-5839-4A71-8B29-78EA9FBC99CB",
"versionEndExcluding": "13.2.10",
"versionStartIncluding": "13.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:runner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87A15931-6F16-4BA7-B98F-41087B5165EB",
"versionEndExcluding": "13.3.7",
"versionStartIncluding": "13.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gitlab:runner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90E52703-4297-4A7C-8BE5-7C627F3D4F61",
"versionEndExcluding": "13.4.2",
"versionStartIncluding": "13.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments"
},
{
"lang": "es",
"value": "Se ha detectado un problema en GitLab Runner que afecta a todas las versiones desde 13.4.0 versiones anteriores a 13.4.2, todas las versiones desde 13.3.0 versiones anteriores a 13.3.7, todas las versiones desde 13.2.0 versiones anteriores a 13.2.10.\u0026#xa0;Una Configuraci\u00f3n de Ejecuci\u00f3n No Segura en Entornos Kubernetes"
}
],
"id": "CVE-2020-13327",
"lastModified": "2024-11-21T05:01:02.583",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.7,
"source": "cve@gitlab.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-22T21:15:12.810",
"references": [
{
"source": "cve@gitlab.com",
"tags": [
"Vendor Advisory"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json"
},
{
"source": "cve@gitlab.com",
"tags": [
"Broken Link",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833"
}
],
"sourceIdentifier": "cve@gitlab.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-13327 (GCVE-0-2020-13327)
Vulnerability from cvelistv5
Published
2020-10-22 20:05
Modified
2024-08-04 12:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Configuration in GitLab Runner
Summary
An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments
References
| ▼ | URL | Tags |
|---|---|---|
| https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833 | x_refsource_MISC | |
| https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitLab | GitLab Runner |
Version: >=13.4.0, <13.4.2 Version: >=13.3.0, <13.3.7 Version: >=13.2.0, <13.2.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:18:17.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitLab Runner",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "\u003e=13.4.0, \u003c13.4.2"
},
{
"status": "affected",
"version": "\u003e=13.3.0, \u003c13.3.7"
},
{
"status": "affected",
"version": "\u003e=13.2.0, \u003c13.2.10"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This vulnerability has been discovered internally by the GitLab team"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Configuration in GitLab Runner",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-22T20:05:58",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@gitlab.com",
"ID": "CVE-2020-13327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitLab Runner",
"version": {
"version_data": [
{
"version_value": "\u003e=13.4.0, \u003c13.4.2"
},
{
"version_value": "\u003e=13.3.0, \u003c13.3.7"
},
{
"version_value": "\u003e=13.2.0, \u003c13.2.10"
}
]
}
}
]
},
"vendor_name": "GitLab"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability has been discovered internally by the GitLab team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Configuration in GitLab Runner"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833",
"refsource": "MISC",
"url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2020-13327",
"datePublished": "2020-10-22T20:05:58",
"dateReserved": "2020-05-21T00:00:00",
"dateUpdated": "2024-08-04T12:18:17.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13295 (GCVE-0-2020-13295)
Vulnerability from cvelistv5
Published
2020-08-10 13:32
Modified
2024-08-04 12:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Server-side request forgery (ssrf) in GitLab Runner
Summary
For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/209096 | x_refsource_MISC | |
| https://hackerone.com/reports/809248 | x_refsource_MISC | |
| https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitLab | GitLab Runner |
Version: >=1.0, <13.0.12 Version: >=13.1, <13.1.6 Version: >=13.2, <13.2.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/209096"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/809248"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GitLab Runner",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "\u003e=1.0, \u003c13.0.12"
},
{
"status": "affected",
"version": "\u003e=13.1, \u003c13.1.6"
},
{
"status": "affected",
"version": "\u003e=13.2, \u003c13.2.3"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [@lucash-dev](https://hackerone.com/lucash-dev) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Server-side request forgery (ssrf) in GitLab Runner",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-10T13:32:12",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/209096"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/809248"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@gitlab.com",
"ID": "CVE-2020-13295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GitLab Runner",
"version": {
"version_data": [
{
"version_value": "\u003e=1.0, \u003c13.0.12"
},
{
"version_value": "\u003e=13.1, \u003c13.1.6"
},
{
"version_value": "\u003e=13.2, \u003c13.2.3"
}
]
}
}
]
},
"vendor_name": "GitLab"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [@lucash-dev](https://hackerone.com/lucash-dev) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-side request forgery (ssrf) in GitLab Runner"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab/-/issues/209096",
"refsource": "MISC",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/209096"
},
{
"name": "https://hackerone.com/reports/809248",
"refsource": "MISC",
"url": "https://hackerone.com/reports/809248"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2020-13295",
"datePublished": "2020-08-10T13:32:12",
"dateReserved": "2020-05-21T00:00:00",
"dateUpdated": "2024-08-04T12:11:19.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2251 (GCVE-0-2022-2251)
Vulnerability from cvelistv5
Published
2023-01-17 00:00
Modified
2025-04-08 18:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper neutralization of special elements used in an os command ('os command injection') in GitLab Runner
Summary
Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GitLab | GitLab Runner |
Version: <15.3.5 Version: >=15.4, <15.4.4 Version: >=15.5, <15.5.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386"
},
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1063511"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2251.json"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2251",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T18:20:33.707879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T18:20:55.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GitLab Runner",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "\u003c15.3.5"
},
{
"status": "affected",
"version": "\u003e=15.4, \u003c15.4.4"
},
{
"status": "affected",
"version": "\u003e=15.5, \u003c15.5.2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks [stanlyoncm](https://hackerone.com/stanlyoncm) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in GitLab Runner",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T00:00:00.000Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386"
},
{
"url": "https://hackerone.com/reports/1063511"
},
{
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2251.json"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2022-2251",
"datePublished": "2023-01-17T00:00:00.000Z",
"dateReserved": "2022-06-29T00:00:00.000Z",
"dateUpdated": "2025-04-08T18:20:55.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}