Server side request forgery (ssrf)

2020-08-1014:15:00

PRIOn knowledge base

www.prio-n.com

8.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.4%

For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF.

CPENameOperatorVersion
runnerge13.2
runnerlt13.2.3
runnerge13.1
runnerlt13.1.6
runnerge1.0
runnerlt13.0.12

Name	Operator	Version
runner	ge	13.2
runner	lt	13.2.3
runner	ge	13.1
runner	lt	13.1.6
runner	ge	1.0
runner	lt	13.0.12

References

gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json

gitlab.com/gitlab-org/gitlab/-/issues/209096

hackerone.com/reports/809248