2 matches found
CVE-2022-2251
GitLab Runner (GitLab) suffers from an OS command injection due to improper sanitization/cleanup of branch names. A user can create a specially crafted branch name and cause another user’s pipeline to execute commands in the runner as that user. Affected versions are prior to 15.3.5, 15.4 prior t...
CVE-2020-13295
CVE-2020-13295 affects GitLab Runner prior to 13.0.12, 13.1.6, and 13.2.3. The vulnerability arises when dockerd is replaced with a malicious server, allowing Shared Runners to be susceptible to SSRF. The connected sources (OSV, NVD/NVD-derived entries, and related ecosystem advisories) confirm t...