228 matches found
BIT-GITLAB-2022-4201
A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...
BIT-GITLAB-RUNNER-2020-13327
An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments...
BIT-GITLAB-RUNNER-2022-2251
Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that othe...
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: sops, volume-modifier-for-k8s, bank-vaults-fips, k8ssandra-operator-fips, rclone, flux-image-reflector-controller, spire-server-fips, certificate-transparency-fips, crossplane, mc, hugo, volume-modifier-for-k8s-fips, vault-csi-provider, tekton-chains,...
GitLab 13.7 < 14.3.4 / 14.4 < 14.4.2 / 14.5 < 14.5.2 (CVE-2021-39939)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from...
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: pulumi-language-dotnet, cosign, aws-load-balancer-controller, vertical-pod-autoscaler, dive, nri-prometheus, bank-vaults-fips, caddy, prometheus-elasticsearch-exporter-fips, slsa-verifier, flux-image-reflector-controller, aws-efs-csi-driver-fips, gobuster,...
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: coredns, skaffold, aws-load-balancer-controller, node-problem-detector, git-lfs, terraform, weaviate, gke-gcloud-auth-plugin, minio, bom, dex, kube-fluentd-operator, prometheus-blackbox-exporter, thanos-operator, trust-manager, cosign, kubevela,...
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: coredns, skaffold, node-problem-detector, git-lfs, terraform, weaviate, gke-gcloud-auth-plugin, minio, bom, ko, dex, prometheus-blackbox-exporter, cosign, kubevela, rqlite, hey, flux-kustomize-controller, gomplate, grype, kpt, nats, fuse-overlayfs-snapshotter,...
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: coredns, skaffold, node-problem-detector, git-lfs, terraform, weaviate, gke-gcloud-auth-plugin, minio, bom, ko, dex, prometheus-blackbox-exporter, cosign, kubevela, rqlite, hey, flux-kustomize-controller, gomplate, grype, kpt, nats, fuse-overlayfs-snapshotter,...
Server-Side Request Forgery (SSRF)
gitlab is vulnerable to Server-Side Request Forgery SSRF. The vulnerability exists in web terminal advertiseaddress which allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...
CVE-2022-4201
A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...
CVE-2022-4201
A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...
Command Injection
github.com/gitlabhq/gitlab-runner is vulnerable to Command Injection. The vulnerability exists because the library does not properly escape user input commands, allowing an attacker to create a branch with a specially crafted name and get another user to trigger a pipeline to execute commands in...
CVE-2022-2251
Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that othe...
CVE-2022-2251
Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that othe...
Design/Logic Flaw
Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that othe...
UBUNTU-CVE-2022-2251
Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that othe...
CVE-2022-2251
Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that othe...
PT-2023-12704 · Gitlab · Gitlab Runner +1
Name of the Vulnerable Software and Affected Versions: GitLab Runner versions prior to 15.3.5 GitLab Runner versions 15.4 prior to 15.4.4 GitLab Runner versions 15.5 prior to 15.5.2 Description: The issue is caused by improper sanitization of branch names, allowing a user to create a branch with ...
CVE-2022-2251
Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that othe...