Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab runner vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-39947
In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs
Gitlab Gitlab Runner
8.8
CVSSv3
CVE-2020-13295
For GitLab Runner prior to 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF.
Gitlab Runner
7.5
CVSSv3
CVE-2020-13327
An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 prior to 13.4.2, all versions starting from 13.3.0 prior to 13.3.7, all versions starting from 13.2.0 prior to 13.2.10. Insecure Runner Configuration in Kubernetes Environments
Gitlab Runner
8
CVSSv3
CVE-2022-2251
Improper sanitization of branch names in GitLab Runner affecting all versions before 15.3.5, 15.4 before 15.4.4, and 15.5 before 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner a...
Gitlab Runner
6.5
CVSSv3
CVE-2019-9866
An issue exists in GitLab Community and Enterprise Edition 11.x prior to 11.7.7 and 11.8.x prior to 11.8.3. It allows Information Disclosure.
Gitlab Gitlab
4.3
CVSSv3
CVE-2022-2227
Improper access control in the runner jobs API in GitLab CE/EE affecting all versions before 14.10.5, 15.0 before 15.0.4, and 15.1 before 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions
Gitlab Gitlab 15.1.0
Gitlab Gitlab
6.5
CVSSv3
CVE-2020-13310
A vulnerability exists in GitLab runner versions prior to 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service.
Gitlab Gitlab
5.3
CVSSv3
CVE-2022-4201
A blind SSRF in GitLab CE/EE affecting all from 11.3 before 15.4.6, 15.5 before 15.5.5, and 15.6 before 15.6.1 allows an malicious user to connect to local addresses when configuring a malicious GitLab Runner.
Gitlab Gitlab 15.6.0
Gitlab Gitlab
9.1
CVSSv3
CVE-2020-13347
A command injection vulnerability exists in Gitlab runner versions before 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the malicious user to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build v...
Gitlab Gitlab
6.5
CVSSv3
CVE-2021-39939
An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 prior to 14.3.6, all versions starting from 14.4 prior to 14.4.4, all versions starting from 14.5 prior to 14.5.2, allows an attacker triggering a job with a specially cr...
Gitlab Gitlab
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »