
12 vulnerabilities found for GitLab Runner by GitLab

CVE-2022-2251 (GCVE-0-2022-2251)

Vulnerability from cvelistv5 – Published: 2023-01-17 00:00 – Updated: 2025-04-08 18:20
Summary
Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user.
CWE
  • Improper neutralization of special elements used in an os command ('os command injection') in GitLab Runner
Assigner
Impacted products
Vendor Product Version
GitLab GitLab Runner Affected: <15.3.5
Affected: >=15.4, <15.4.4
Affected: >=15.5, <15.5.2
Credits
Thanks [stanlyoncm](https://hackerone.com/stanlyoncm) for reporting this vulnerability through our HackerOne bug bounty program

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:32:09.572Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1063511"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2251.json"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-2251",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-08T18:20:33.707879Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-78",
                "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-08T18:20:55.756Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GitLab Runner",
          "vendor": "GitLab",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c15.3.5"
            },
            {
              "status": "affected",
              "version": "\u003e=15.4, \u003c15.4.4"
            },
            {
              "status": "affected",
              "version": "\u003e=15.5, \u003c15.5.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Thanks [stanlyoncm](https://hackerone.com/stanlyoncm) for reporting this vulnerability through our HackerOne bug bounty program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in GitLab Runner",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-17T00:00:00.000Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386"
        },
        {
          "url": "https://hackerone.com/reports/1063511"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2251.json"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-2251",
    "datePublished": "2023-01-17T00:00:00.000Z",
    "dateReserved": "2022-06-29T00:00:00.000Z",
    "dateUpdated": "2025-04-08T18:20:55.756Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-39947 (GCVE-0-2021-39947)

Vulnerability from cvelistv5 – Published: 2022-06-06 16:48 – Updated: 2024-08-04 02:20
Summary
In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs
CWE
  • Information exposure in GitLab Runner
Assigner
Impacted products
Vendor Product Version
GitLab GitLab Runner Affected: <14.3.4
Affected: >=14.4, <14.4.2
Affected: >=14.5, <14.5.2
Credits
This vulnerability has been discovered internally by the GitLab team

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:20:34.198Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28732"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39947.json"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GitLab Runner",
          "vendor": "GitLab",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c14.3.4"
            },
            {
              "status": "affected",
              "version": "\u003e=14.4, \u003c14.4.2"
            },
            {
              "status": "affected",
              "version": "\u003e=14.5, \u003c14.5.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This vulnerability has been discovered internally by the GitLab team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information exposure in GitLab Runner",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-06T16:48:14",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28732"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39947.json"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@gitlab.com",
          "ID": "CVE-2021-39947",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GitLab Runner",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c14.3.4"
                          },
                          {
                            "version_value": "\u003e=14.4, \u003c14.4.2"
                          },
                          {
                            "version_value": "\u003e=14.5, \u003c14.5.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GitLab"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This vulnerability has been discovered internally by the GitLab team"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information exposure in GitLab Runner"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28732",
              "refsource": "MISC",
              "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28732"
            },
            {
              "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39947.json",
              "refsource": "CONFIRM",
              "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39947.json"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2021-39947",
    "datePublished": "2022-06-06T16:48:14",
    "dateReserved": "2021-08-23T00:00:00",
    "dateUpdated": "2024-08-04T02:20:34.198Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-39939 (GCVE-0-2021-39939)

Vulnerability from cvelistv5 – Published: 2021-12-13 15:48 – Updated: 2024-08-04 02:20
Summary
An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to exhaust resources on runner manager
CWE
  • Uncontrolled resource consumption in GitLab Runner
Assigner
Impacted products
Vendor Product Version
GitLab GitLab Runner Affected: >=13.7, <14.3.6
Affected: >=14.4, <14.4.4
Affected: >=14.5, <14.5.2
Credits
This vulnerability has been discovered internally by the GitLab team

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:20:34.025Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28630"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39939.json"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GitLab Runner",
          "vendor": "GitLab",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e=13.7, \u003c14.3.6"
            },
            {
              "status": "affected",
              "version": "\u003e=14.4, \u003c14.4.4"
            },
            {
              "status": "affected",
              "version": "\u003e=14.5, \u003c14.5.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This vulnerability has been discovered internally by the GitLab team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to exhaust resources on runner manager"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Uncontrolled resource consumption in GitLab Runner",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-13T15:48:02",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28630"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39939.json"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@gitlab.com",
          "ID": "CVE-2021-39939",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GitLab Runner",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e=13.7, \u003c14.3.6"
                          },
                          {
                            "version_value": "\u003e=14.4, \u003c14.4.4"
                          },
                          {
                            "version_value": "\u003e=14.5, \u003c14.5.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GitLab"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This vulnerability has been discovered internally by the GitLab team"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to exhaust resources on runner manager"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Uncontrolled resource consumption in GitLab Runner"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28630",
              "refsource": "MISC",
              "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28630"
            },
            {
              "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39939.json",
              "refsource": "CONFIRM",
              "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39939.json"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2021-39939",
    "datePublished": "2021-12-13T15:48:02",
    "dateReserved": "2021-08-23T00:00:00",
    "dateUpdated": "2024-08-04T02:20:34.025Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-13327 (GCVE-0-2020-13327)

Vulnerability from cvelistv5 – Published: 2020-10-22 20:05 – Updated: 2024-08-04 12:18
Summary
An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, and all versions starting from 13.2.0 before 13.2.10. The issue is an insecure Runner configuration in Kubernetes environments.
CWE
  • Configuration in GitLab Runner
Assigner
Impacted products
Vendor Product Version
GitLab GitLab Runner Affected: >=13.4.0, <13.4.2
Affected: >=13.3.0, <13.3.7
Affected: >=13.2.0, <13.2.10
Credits
This vulnerability has been discovered internally by the GitLab team

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:18:17.093Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GitLab Runner",
          "vendor": "GitLab",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e=13.4.0, \u003c13.4.2"
            },
            {
              "status": "affected",
              "version": "\u003e=13.3.0, \u003c13.3.7"
            },
            {
              "status": "affected",
              "version": "\u003e=13.2.0, \u003c13.2.10"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This vulnerability has been discovered internally by the GitLab team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Configuration in GitLab Runner",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-22T20:05:58",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@gitlab.com",
          "ID": "CVE-2020-13327",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GitLab Runner",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e=13.4.0, \u003c13.4.2"
                          },
                          {
                            "version_value": "\u003e=13.3.0, \u003c13.3.7"
                          },
                          {
                            "version_value": "\u003e=13.2.0, \u003c13.2.10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GitLab"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This vulnerability has been discovered internally by the GitLab team"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Configuration in GitLab Runner"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833",
              "refsource": "MISC",
              "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833"
            },
            {
              "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json",
              "refsource": "CONFIRM",
              "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2020-13327",
    "datePublished": "2020-10-22T20:05:58",
    "dateReserved": "2020-05-21T00:00:00",
    "dateUpdated": "2024-08-04T12:18:17.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-13347 (GCVE-0-2020-13347)

Vulnerability from cvelistv5 – Published: 2020-10-07 13:14 – Updated: 2024-08-04 12:18
Summary
A command injection vulnerability was discovered in GitLab Runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, an attacker can run arbitrary commands on the Windows host via the DOCKER_AUTH_CONFIG build variable.
CWE
  • Improper neutralization of special elements used in a command ('command injection') in GitLab Runner
Assigner
Impacted products
Vendor Product Version
GitLab GitLab Runner Affected: >=12.0.0, <13.2.4
Affected: >=13.3.0, <13.3.2
Affected: >=13.4.0, <13.4.1
Credits
Thanks [ajxchapman](https://hackerone.com/ajxchapman) for reporting this vulnerability through our HackerOne bug bounty program

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:18:17.532Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26725"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/955016"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13347.json"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GitLab Runner",
          "vendor": "GitLab",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e=12.0.0, \u003c13.2.4"
            },
            {
              "status": "affected",
              "version": "\u003e=13.3.0, \u003c13.3.2"
            },
            {
              "status": "affected",
              "version": "\u003e=13.4.0, \u003c13.4.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Thanks [ajxchapman](https://hackerone.com/ajxchapman) for reporting this vulnerability through our HackerOne bug bounty program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper neutralization of special elements used in a command (\u0027command injection\u0027) in GitLab Runner",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-07T13:14:16",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26725"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/955016"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13347.json"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@gitlab.com",
          "ID": "CVE-2020-13347",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GitLab Runner",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e=12.0.0, \u003c13.2.4"
                          },
                          {
                            "version_value": "\u003e=13.3.0, \u003c13.3.2"
                          },
                          {
                            "version_value": "\u003e=13.4.0, \u003c13.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GitLab"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Thanks [ajxchapman](https://hackerone.com/ajxchapman) for reporting this vulnerability through our HackerOne bug bounty program"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper neutralization of special elements used in a command (\u0027command injection\u0027) in GitLab Runner"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26725",
              "refsource": "MISC",
              "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26725"
            },
            {
              "name": "https://hackerone.com/reports/955016",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/955016"
            },
            {
              "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13347.json",
              "refsource": "CONFIRM",
              "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13347.json"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2020-13347",
    "datePublished": "2020-10-07T13:14:16",
    "dateReserved": "2020-05-21T00:00:00",
    "dateUpdated": "2024-08-04T12:18:17.532Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-13295 (GCVE-0-2020-13295)

Vulnerability from cvelistv5 – Published: 2020-08-10 13:32 – Updated: 2024-08-04 12:11
Summary
In GitLab Runner before 13.0.12, 13.1.6 and 13.2.3, the Shared Runner is susceptible to SSRF when dockerd is replaced with a malicious server.
CWE
  • Server-side request forgery (ssrf) in GitLab Runner
Assigner
Impacted products
Vendor Product Version
GitLab GitLab Runner Affected: >=1.0, <13.0.12
Affected: >=13.1, <13.1.6
Affected: >=13.2, <13.2.3
Credits
Thanks [@lucash-dev](https://hackerone.com/lucash-dev) for reporting this vulnerability through our HackerOne bug bounty program

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:19.550Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/209096"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/809248"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GitLab Runner",
          "vendor": "GitLab",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e=1.0, \u003c13.0.12"
            },
            {
              "status": "affected",
              "version": "\u003e=13.1, \u003c13.1.6"
            },
            {
              "status": "affected",
              "version": "\u003e=13.2, \u003c13.2.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Thanks [@lucash-dev](https://hackerone.com/lucash-dev) for reporting this vulnerability through our HackerOne bug bounty program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Server-side request forgery (ssrf) in GitLab Runner",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-10T13:32:12",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/209096"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/809248"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@gitlab.com",
          "ID": "CVE-2020-13295",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GitLab Runner",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e=1.0, \u003c13.0.12"
                          },
                          {
                            "version_value": "\u003e=13.1, \u003c13.1.6"
                          },
                          {
                            "version_value": "\u003e=13.2, \u003c13.2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GitLab"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Thanks [@lucash-dev](https://hackerone.com/lucash-dev) for reporting this vulnerability through our HackerOne bug bounty program"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Server-side request forgery (ssrf) in GitLab Runner"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/209096",
              "refsource": "MISC",
              "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/209096"
            },
            {
              "name": "https://hackerone.com/reports/809248",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/809248"
            },
            {
              "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json",
              "refsource": "CONFIRM",
              "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2020-13295",
    "datePublished": "2020-08-10T13:32:12",
    "dateReserved": "2020-05-21T00:00:00",
    "dateUpdated": "2024-08-04T12:11:19.550Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2251 (GCVE-0-2022-2251)

Vulnerability from nvd – Published: 2023-01-17 00:00 – Updated: 2025-04-08 18:20
Summary
Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user.
CWE
  • Improper neutralization of special elements used in an os command ('os command injection') in GitLab Runner
Assigner
Impacted products
Vendor Product Version
GitLab GitLab Runner Affected: <15.3.5
Affected: >=15.4, <15.4.4
Affected: >=15.5, <15.5.2
Credits
Thanks [stanlyoncm](https://hackerone.com/stanlyoncm) for reporting this vulnerability through our HackerOne bug bounty program

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:32:09.572Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1063511"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2251.json"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-2251",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-08T18:20:33.707879Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-78",
                "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-08T18:20:55.756Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GitLab Runner",
          "vendor": "GitLab",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c15.3.5"
            },
            {
              "status": "affected",
              "version": "\u003e=15.4, \u003c15.4.4"
            },
            {
              "status": "affected",
              "version": "\u003e=15.5, \u003c15.5.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Thanks [stanlyoncm](https://hackerone.com/stanlyoncm) for reporting this vulnerability through our HackerOne bug bounty program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in GitLab Runner",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-17T00:00:00.000Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386"
        },
        {
          "url": "https://hackerone.com/reports/1063511"
        },
        {
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2251.json"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2022-2251",
    "datePublished": "2023-01-17T00:00:00.000Z",
    "dateReserved": "2022-06-29T00:00:00.000Z",
    "dateUpdated": "2025-04-08T18:20:55.756Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-39947 (GCVE-0-2021-39947)

Vulnerability from nvd – Published: 2022-06-06 16:48 – Updated: 2024-08-04 02:20
Summary
In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use file descriptor 0 for multiple traces and mix the output of several jobs.
CWE
  • Information exposure in GitLab Runner
Assigner
Impacted products
Vendor Product Version
GitLab GitLab Runner Affected: <14.3.4
Affected: >=14.4, <14.4.2
Affected: >=14.5, <14.5.2
Credits
This vulnerability has been discovered internally by the GitLab team

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:20:34.198Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28732"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39947.json"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GitLab Runner",
          "vendor": "GitLab",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c14.3.4"
            },
            {
              "status": "affected",
              "version": "\u003e=14.4, \u003c14.4.2"
            },
            {
              "status": "affected",
              "version": "\u003e=14.5, \u003c14.5.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This vulnerability has been discovered internally by the GitLab team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information exposure in GitLab Runner",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-06T16:48:14",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28732"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39947.json"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@gitlab.com",
          "ID": "CVE-2021-39947",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GitLab Runner",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c14.3.4"
                          },
                          {
                            "version_value": "\u003e=14.4, \u003c14.4.2"
                          },
                          {
                            "version_value": "\u003e=14.5, \u003c14.5.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GitLab"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This vulnerability has been discovered internally by the GitLab team"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information exposure in GitLab Runner"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28732",
              "refsource": "MISC",
              "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28732"
            },
            {
              "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39947.json",
              "refsource": "CONFIRM",
              "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39947.json"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2021-39947",
    "datePublished": "2022-06-06T16:48:14",
    "dateReserved": "2021-08-23T00:00:00",
    "dateUpdated": "2024-08-04T02:20:34.198Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-39939 (GCVE-0-2021-39939)

Vulnerability from nvd – Published: 2021-12-13 15:48 – Updated: 2024-08-04 02:20
Summary
An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2 allows an attacker who triggers a job with a specially crafted docker image to exhaust resources on the runner manager.
CWE
  • Uncontrolled resource consumption in GitLab Runner
Assigner
Impacted products
Vendor Product Version
GitLab GitLab Runner Affected: >=13.7, <14.3.6
Affected: >=14.4, <14.4.4
Affected: >=14.5, <14.5.2
Credits
This vulnerability has been discovered internally by the GitLab team

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:20:34.025Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28630"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39939.json"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GitLab Runner",
          "vendor": "GitLab",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e=13.7, \u003c14.3.6"
            },
            {
              "status": "affected",
              "version": "\u003e=14.4, \u003c14.4.4"
            },
            {
              "status": "affected",
              "version": "\u003e=14.5, \u003c14.5.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This vulnerability has been discovered internally by the GitLab team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to exhaust resources on runner manager"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Uncontrolled resource consumption in GitLab Runner",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-13T15:48:02",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28630"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39939.json"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@gitlab.com",
          "ID": "CVE-2021-39939",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GitLab Runner",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e=13.7, \u003c14.3.6"
                          },
                          {
                            "version_value": "\u003e=14.4, \u003c14.4.4"
                          },
                          {
                            "version_value": "\u003e=14.5, \u003c14.5.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GitLab"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This vulnerability has been discovered internally by the GitLab team"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to exhaust resources on runner manager"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Uncontrolled resource consumption in GitLab Runner"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28630",
              "refsource": "MISC",
              "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28630"
            },
            {
              "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39939.json",
              "refsource": "CONFIRM",
              "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39939.json"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2021-39939",
    "datePublished": "2021-12-13T15:48:02",
    "dateReserved": "2021-08-23T00:00:00",
    "dateUpdated": "2024-08-04T02:20:34.025Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-13327 (GCVE-0-2020-13327)

Vulnerability from nvd – Published: 2020-10-22 20:05 – Updated: 2024-08-04 12:18
Summary
An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, and all versions starting from 13.2.0 before 13.2.10: insecure Runner configuration in Kubernetes environments.
CWE
  • Configuration in GitLab Runner
Assigner
Impacted products
Vendor Product Version
GitLab GitLab Runner Affected: >=13.4.0, <13.4.2
Affected: >=13.3.0, <13.3.7
Affected: >=13.2.0, <13.2.10
Credits
This vulnerability has been discovered internally by the GitLab team

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:18:17.093Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GitLab Runner",
          "vendor": "GitLab",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e=13.4.0, \u003c13.4.2"
            },
            {
              "status": "affected",
              "version": "\u003e=13.3.0, \u003c13.3.7"
            },
            {
              "status": "affected",
              "version": "\u003e=13.2.0, \u003c13.2.10"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This vulnerability has been discovered internally by the GitLab team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Configuration in GitLab Runner",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-22T20:05:58",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@gitlab.com",
          "ID": "CVE-2020-13327",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GitLab Runner",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e=13.4.0, \u003c13.4.2"
                          },
                          {
                            "version_value": "\u003e=13.3.0, \u003c13.3.7"
                          },
                          {
                            "version_value": "\u003e=13.2.0, \u003c13.2.10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GitLab"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This vulnerability has been discovered internally by the GitLab team"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Configuration in GitLab Runner"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833",
              "refsource": "MISC",
              "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833"
            },
            {
              "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json",
              "refsource": "CONFIRM",
              "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2020-13327",
    "datePublished": "2020-10-22T20:05:58",
    "dateReserved": "2020-05-21T00:00:00",
    "dateUpdated": "2024-08-04T12:18:17.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-13347 (GCVE-0-2020-13347)

Vulnerability from nvd – Published: 2020-10-07 13:14 – Updated: 2024-08-04 12:18
Summary
A command injection vulnerability was discovered in GitLab Runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, an attacker can run arbitrary commands on the Windows host via the DOCKER_AUTH_CONFIG build variable.
CWE
  • Improper neutralization of special elements used in a command ('command injection') in GitLab Runner
Assigner
Impacted products
Vendor Product Version
GitLab GitLab Runner Affected: >=12.0.0, <13.2.4
Affected: >=13.3.0, <13.3.2
Affected: >=13.4.0, <13.4.1
Credits
Thanks [ajxchapman](https://hackerone.com/ajxchapman) for reporting this vulnerability through our HackerOne bug bounty program

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:18:17.532Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26725"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/955016"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13347.json"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GitLab Runner",
          "vendor": "GitLab",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e=12.0.0, \u003c13.2.4"
            },
            {
              "status": "affected",
              "version": "\u003e=13.3.0, \u003c13.3.2"
            },
            {
              "status": "affected",
              "version": "\u003e=13.4.0, \u003c13.4.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Thanks [ajxchapman](https://hackerone.com/ajxchapman) for reporting this vulnerability through our HackerOne bug bounty program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper neutralization of special elements used in a command (\u0027command injection\u0027) in GitLab Runner",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-07T13:14:16",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26725"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/955016"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13347.json"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@gitlab.com",
          "ID": "CVE-2020-13347",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GitLab Runner",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e=12.0.0, \u003c13.2.4"
                          },
                          {
                            "version_value": "\u003e=13.3.0, \u003c13.3.2"
                          },
                          {
                            "version_value": "\u003e=13.4.0, \u003c13.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GitLab"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Thanks [ajxchapman](https://hackerone.com/ajxchapman) for reporting this vulnerability through our HackerOne bug bounty program"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper neutralization of special elements used in a command (\u0027command injection\u0027) in GitLab Runner"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26725",
              "refsource": "MISC",
              "url": "https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26725"
            },
            {
              "name": "https://hackerone.com/reports/955016",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/955016"
            },
            {
              "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13347.json",
              "refsource": "CONFIRM",
              "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13347.json"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2020-13347",
    "datePublished": "2020-10-07T13:14:16",
    "dateReserved": "2020-05-21T00:00:00",
    "dateUpdated": "2024-08-04T12:18:17.532Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-13295 (GCVE-0-2020-13295)

Vulnerability from nvd – Published: 2020-08-10 13:32 – Updated: 2024-08-04 12:11
Summary
In GitLab Runner before 13.0.12, 13.1.6 and 13.2.3, the Shared Runner is susceptible to server-side request forgery (SSRF) when dockerd is replaced with a malicious server.
CWE
  • Server-side request forgery (ssrf) in GitLab Runner
Assigner
Impacted products
Vendor Product Version
GitLab GitLab Runner Affected: >=1.0, <13.0.12
Affected: >=13.1, <13.1.6
Affected: >=13.2, <13.2.3
Credits
Thanks [@lucash-dev](https://hackerone.com/lucash-dev) for reporting this vulnerability through our HackerOne bug bounty program

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:19.550Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/209096"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/809248"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GitLab Runner",
          "vendor": "GitLab",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e=1.0, \u003c13.0.12"
            },
            {
              "status": "affected",
              "version": "\u003e=13.1, \u003c13.1.6"
            },
            {
              "status": "affected",
              "version": "\u003e=13.2, \u003c13.2.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Thanks [@lucash-dev](https://hackerone.com/lucash-dev) for reporting this vulnerability through our HackerOne bug bounty program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Server-side request forgery (ssrf) in GitLab Runner",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-10T13:32:12",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/209096"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/809248"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@gitlab.com",
          "ID": "CVE-2020-13295",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GitLab Runner",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e=1.0, \u003c13.0.12"
                          },
                          {
                            "version_value": "\u003e=13.1, \u003c13.1.6"
                          },
                          {
                            "version_value": "\u003e=13.2, \u003c13.2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GitLab"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Thanks [@lucash-dev](https://hackerone.com/lucash-dev) for reporting this vulnerability through our HackerOne bug bounty program"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Server-side request forgery (ssrf) in GitLab Runner"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/gitlab-org/gitlab/-/issues/209096",
              "refsource": "MISC",
              "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/209096"
            },
            {
              "name": "https://hackerone.com/reports/809248",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/809248"
            },
            {
              "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json",
              "refsource": "CONFIRM",
              "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2020-13295",
    "datePublished": "2020-08-10T13:32:12",
    "dateReserved": "2020-05-21T00:00:00",
    "dateUpdated": "2024-08-04T12:11:19.550Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}