228 matches found

Hacker One
added 2020/08/10 3:8 p.m., 53 views

GitLab: GitLab-Runner on Windows `DOCKER_AUTH_CONFIG` container host Command Injection

Summary: GitLab-Runner, when running on Windows with a docker executor, is vulnerable to Command Injection via the `DOCKER_AUTH_CONFIG` build variable. Injected commands are executed on the container host, not within a Docker container, as such could compromise all future builds which are executed by...

2.1 AI score
Exploits: 0

OSV
added 2020/08/10 2:15 p.m., 25 views

CVE-2020-13295

For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF...

8.8 CVSS | 6.6 AI score | 0.01158 EPSS
Exploits: 0 | References: 3

UbuntuCve
added 2020/08/10 2:15 p.m., 28 views

CVE-2020-13295

For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF...

8.8 CVSS | 7.2 AI score | 0.01158 EPSS
Exploits: 0 | References: 5

OSV
added 2020/08/10 2:15 p.m., 2 views

UBUNTU-CVE-2020-13295

For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF...

8.8 CVSS | 7.3 AI score | 0.01158 EPSS
Exploits: 0 | References: 6

CVE
added 2020/08/10 1:32 p.m., 63 views

CVE-2020-13295

CVE-2020-13295 affects GitLab Runner prior to 13.0.12, 13.1.6, and 13.2.3. The vulnerability arises when dockerd is replaced with a malicious server, allowing Shared Runners to be susceptible to SSRF. The connected sources (OSV, NVD/NVD-derived entries, and related ecosystem advisories) confirm t...

8.8 CVSS | 8.4 AI score | 0.01158 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Debian CVE
added 2020/08/10 1:32 p.m., 19 views

CVE-2020-13295

Removed by vendor...

8.8 CVSS | 8.5 AI score | 0.01158 EPSS
Exploits: 0

Positive Technologies
added 2020/08/10 12:0 a.m., 3 views

PT-2020-13436 · Gitlab · Gitlab Runner +1

Name of the Vulnerable Software and Affected Versions: GitLab Runner versions prior to 13.0.12; GitLab Runner versions prior to 13.1.6; GitLab Runner versions prior to 13.2.3. Description: The issue allows for Server-Side Request Forgery (SSRF) by replacing dockerd with a malicious server, making the...

8.8 CVSS | 8.7 AI score | 0.01158 EPSS
Exploits: 0 | References: 12

CNVD
added 2018/03/22 12:0 a.m., 2 views

Gitlab GitLab CI runner component path traversal vulnerability

GitLab is an open source application developed with Ruby on Rails that implements a self-hosted Git version control project repository with features similar to GitHub: you can access a project's file content, commit history, bug lists, etc. GitLab Community Edition...

8.8 CVSS | 7.2 AI score | 0.04609 EPSS
Exploits: 0 | References: 1