228 matches found
GitLab: GitLab-Runner on Windows `DOCKER_AUTH_CONFIG` container host Command Injection
Summary GitLab-Runner, when running on Windows with a docker executor, is vulnerable to Command Injection via the DOCKERAUTHCONFIG build variable. Injected commands are executed on the container host, not within a Docker container, as such could compromise all future builds which are executed by...
CVE-2020-13295
For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF...
CVE-2020-13295
For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF...
UBUNTU-CVE-2020-13295
For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF...
CVE-2020-13295
CVE-2020-13295 affects GitLab Runner prior to 13.0.12, 13.1.6, and 13.2.3. The vulnerability arises when dockerd is replaced with a malicious server, allowing Shared Runners to be susceptible to SSRF. The connected sources (OSV, NVD/NVD-derived entries, and related ecosystem advisories) confirm t...
CVE-2020-13295
Removed by vendor...
PT-2020-13436 · Gitlab · Gitlab Runner +1
Name of the Vulnerable Software and Affected Versions: GitLab Runner versions prior to 13.0.12 GitLab Runner versions prior to 13.1.6 GitLab Runner versions prior to 13.2.3 Description: The issue allows for Server-Side Request Forgery SSRF by replacing dockerd with a malicious server, making the...
Gitlab GitLab CI runner component path traversal vulnerability
GitLab is a set of Ruby on Rails development of open source applications , can be realized as a self-hosted Git version control system project repository , which has similar features to Github , you can access the project's file content , commit history , bug lists , etc. GitLab Community Edition...