228 matches found

OSV
added 2024/03/06 11:13 a.m. · 27 views

BIT-GITLAB-2022-4201

A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...

CVSS 5.3 · AI score 4.2 · EPSS 0.00546
Exploits: 1 · References: 3
OSV
added 2024/03/06 10:52 a.m. · 22 views

BIT-GITLAB-RUNNER-2020-13327

An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments...

CVSS 7.5 · AI score 7.2 · EPSS 0.00706
Exploits: 0 · References: 3
OSV
added 2024/03/06 10:52 a.m. · 22 views

BIT-GITLAB-RUNNER-2022-2251

Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that othe...

CVSS 8 · AI score 6.1 · EPSS 0.01165
Exploits: 1 · References: 4
Chainguard
added 2024/03/05 11:15 p.m. · 76 views

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: sops, volume-modifier-for-k8s, bank-vaults-fips, k8ssandra-operator-fips, rclone, flux-image-reflector-controller, spire-server-fips, certificate-transparency-fips, crossplane, mc, hugo, volume-modifier-for-k8s-fips, vault-csi-provider, tekton-chains,...

CVSS 7.5 · AI score 6.7 · EPSS 0.01262
Exploits: 0
Tenable Nessus
added 2024/01/03 12:0 a.m. · 30 views

GitLab 13.7 < 14.3.4 / 14.4 < 14.4.2 / 14.5 < 14.5.2 (CVE-2021-39939)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from...

CVSS 6.5 · AI score 6.6 · EPSS 0.00907
Exploits: 0 · References: 2
Chainguard
added 2023/10/11 10:15 p.m. · 2957 views

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: pulumi-language-dotnet, cosign, aws-load-balancer-controller, vertical-pod-autoscaler, dive, nri-prometheus, bank-vaults-fips, caddy, prometheus-elasticsearch-exporter-fips, slsa-verifier, flux-image-reflector-controller, aws-efs-csi-driver-fips, gobuster,...

CVSS 7.5 · AI score 6.7 · EPSS 0.03796
Exploits: 0
Wolfi
added 2023/10/11 10:15 p.m. · 110 views

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: coredns, skaffold, aws-load-balancer-controller, node-problem-detector, git-lfs, terraform, weaviate, gke-gcloud-auth-plugin, minio, bom, dex, kube-fluentd-operator, prometheus-blackbox-exporter, thanos-operator, trust-manager, cosign, kubevela,...

CVSS 7.5 · AI score 6.7 · EPSS 0.03796
Exploits: 0
Wolfi
added 2023/10/10 9:28 p.m. · 43 views

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: coredns, skaffold, node-problem-detector, git-lfs, terraform, weaviate, gke-gcloud-auth-plugin, minio, bom, ko, dex, prometheus-blackbox-exporter, cosign, kubevela, rqlite, hey, flux-kustomize-controller, gomplate, grype, kpt, nats, fuse-overlayfs-snapshotter,...

AI score 5.8
Exploits: 0
Wolfi
added 2023/10/10 2:15 p.m. · 1577 views

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: coredns, skaffold, node-problem-detector, git-lfs, terraform, weaviate, gke-gcloud-auth-plugin, minio, bom, ko, dex, prometheus-blackbox-exporter, cosign, kubevela, rqlite, hey, flux-kustomize-controller, gomplate, grype, kpt, nats, fuse-overlayfs-snapshotter,...

CVSS 7.5 · AI score 7.1 · EPSS 0.99999
Exploits: 19
Veracode
added 2023/08/07 12:12 a.m. · 26 views

Server-Side Request Forgery (SSRF)

gitlab is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability exists in web terminal advertiseaddress which allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...

CVSS 5.3 · AI score 6.3 · EPSS 0.00546
Exploits: 1 · References: 3 · Affected Software: 1
NVD
added 2023/01/27 10:15 p.m. · 25 views

CVE-2022-4201

A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...

CVSS 5.3 · AI score 4.5 · EPSS 0.00546
Exploits: 1 · References: 2
Cvelist
added 2023/01/27 12:0 a.m. · 31 views

CVE-2022-4201

A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...

CVSS 3.5 · AI score 5.5 · EPSS 0.00546
Exploits: 1 · References: 2
Veracode
added 2023/01/18 2:17 a.m. · 26 views

Command Injection

github.com/gitlabhq/gitlab-runner is vulnerable to Command Injection. The vulnerability exists because the library does not properly escape user input commands, allowing an attacker to create a branch with a specially crafted name and get another user to trigger a pipeline to execute commands in...

CVSS 8 · AI score 7.9 · EPSS 0.01165
Exploits: 1 · References: 5 · Affected Software: 3
NVD
added 2023/01/17 9:15 p.m. · 19 views

CVE-2022-2251

Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that othe...

CVSS 8 · AI score 6.2 · EPSS 0.01165
Exploits: 1 · References: 3
UbuntuCve
added 2023/01/17 9:15 p.m. · 26 views

CVE-2022-2251

Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that othe...

CVSS 8 · AI score 7.2 · EPSS 0.01165
Exploits: 1 · References: 1
Prion
added 2023/01/17 9:15 p.m. · 19 views

Design/Logic Flaw

Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that othe...

CVSS 6 · AI score 7.7 · EPSS 0.01165
Exploits: 1 · References: 3 · Affected Software: 1
OSV
added 2023/01/17 9:15 p.m. · 2 views

UBUNTU-CVE-2022-2251

Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that othe...

CVSS 8 · AI score 7.3 · EPSS 0.01165
Exploits: 1 · References: 2
Cvelist
added 2023/01/17 12:0 a.m. · 18 views

CVE-2022-2251

Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that othe...

CVSS 4.8 · AI score 8 · EPSS 0.01165
Exploits: 1 · References: 3
Positive Technologies
added 2023/01/17 12:0 a.m. · 2 views

PT-2023-12704 · Gitlab · Gitlab Runner +1

Name of the Vulnerable Software and Affected Versions: GitLab Runner versions prior to 15.3.5; GitLab Runner versions 15.4 prior to 15.4.4; GitLab Runner versions 15.5 prior to 15.5.2. Description: The issue is caused by improper sanitization of branch names, allowing a user to create a branch with ...

CVSS 8 · AI score 7 · EPSS 0.01165
Exploits: 1 · References: 12
Vulnrichment
added 2023/01/17 12:0 a.m. · 7 views

CVE-2022-2251

Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that othe...

CVSS 4.8 · AI score 7.2 · EPSS 0.01165
Exploits: 1 · References: 3