📦

runner

Vendor: gitlab

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 1 Remote Access

Total CVEs 3 Total Indexed

Avg. EPSS 0.84% Exploit Prob.

Latest CVE CVE-2022-2251 Jan 17

Security Vulnerability Index

Page 1 / 1

4.8 CVSS

CVE-2022-2251

RCE

Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user.

EPSS: 2.20%

Severity: MEDIUM

Jan 17, 2023

6.0 CVSS

CVE-2020-13327

An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments

EPSS: 0.11%

Severity: MEDIUM

Oct 22, 2020

5.4 CVSS

CVE-2020-13295

For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF.

EPSS: 0.20%

Severity: MEDIUM

Aug 10, 2020

Displaying 3 of 3 Total Entries

Total 1 Sections