Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2021-39939

HistoryDec 13, 2021 - 4:15 p.m.

CVE-2021-39939

2021-12-1316:15:09

Debian Security Bug Tracker

security-tracker.debian.org

gitlab runner

resource consumption

vulnerability

version 13.7

version 14.3.6

version 14.4.4

version 14.5.2

docker image

exhaust resources

unix

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

35.0%

JSON

An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to exhaust resources on runner manager

OSVersionArchitecturePackageVersionFilename
Debian999allgitlab-ci-multi-runner< 14.10.1-1gitlab-ci-multi-runner_14.10.1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	999	all	gitlab-ci-multi-runner	< 14.10.1-1	gitlab-ci-multi-runner_14.10.1-1_all.deb

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

35.0%

JSON

Related for DEBIANCVE:CVE-2021-39939