Linux Distros Unpatched Vulnerability : CVE-2021-39947
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for...
Linux Distros Unpatched Vulnerability : CVE-2021-39939
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4...
Linux Distros Unpatched Vulnerability : CVE-2020-13347
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A command injection vulnerability was discovered in GitLab Runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system...
Linux Distros Unpatched Vulnerability : CVE-2022-2251
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who...
Linux Distros Unpatched Vulnerability : CVE-2020-13327
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all...
Linux Distros Unpatched Vulnerability : CVE-2020-13295
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF. CVE-2020-13295 Note th...
Linux Distros Unpatched Vulnerability : CVE-2020-13310
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab Runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending...
Linux Distros Unpatched Vulnerability : CVE-2022-1099
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an...
GHSA-RWWP-3RV3-J6Q6 vulnerabilities
Vulnerabilities for packages: gitlab-runner...
CVE-2024-10219 vulnerabilities
Vulnerabilities for packages: gitlab-runner...
CVE-2024-10219 vulnerabilities
Vulnerabilities for packages: gitlab-runner-fips, gitlab-runner...
GHSA-RWWP-3RV3-J6Q6 vulnerabilities
Vulnerabilities for packages: gitlab-runner-fips, gitlab-runner...
Linux Distros Unpatched Vulnerability : CVE-2022-4201
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local...
Linux Distros Unpatched Vulnerability : CVE-2020-13350
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runner...
CVE-2022-2251
Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that othe...
CVE-2022-4201
A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...
CVE-2022-1099
Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab...
CVE-2021-39939
An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to...
CVE-2021-39947
In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs...
GHSA-WPXF-3MM2-76F8 vulnerabilities
Vulnerabilities for packages: gitlab-runner...