Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab runner vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2022-2228
Information exposure in GitLab EE affecting all versions from 12.0 before 14.10.5, 15.0 before 15.0.4, and 15.1 before 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access restrictions even if the GitLab Runner ...
Gitlab Gitlab 15.1.0
Gitlab Gitlab
7.5
CVSSv2
CVE-2022-0735
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 prior to 14.6.5, all versions starting from 14.7 prior to 14.7.4, all versions starting from 14.8 prior to 14.8.2. An unauthorised user was able to steal runner registration tokens through an ...
Gitlab Gitlab
5.5
CVSSv2
CVE-2019-15721
An issue exists in GitLab Community and Enterprise Edition 10.8 up to and including 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings.
Gitlab Gitlab
4.3
CVSSv2
CVE-2020-13350
CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9.
Gitlab Gitlab
4
CVSSv2
CVE-2022-1099
Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions before 14.7.7, 14.8 before 14.8.5, and 14.9 before 14.9.2 allows an malicious user to impact the performance of GitLab
Gitlab Gitlab
NA
CVE-2023-2478
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 15.9.7, all versions starting from 15.10 prior to 15.10.6, all versions starting from 15.11 prior to 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a G...
Gitlab Gitlab
5
CVSSv2
CVE-2018-20500
An insecure permissions issue exists in GitLab Community and Enterprise Edition 9.4 and later but prior to 11.4.13, 11.5.x prior to 11.5.6, and 11.6.x prior to 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of the m...
Gitlab Gitlab
6.5
CVSSv2
CVE-2017-0918
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.
Gitlab Gitlab
Debian Debian Linux 9.0
7.5
CVSSv2
CVE-2017-0915
Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.
Gitlab Gitlab
Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2017-0917
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.
Gitlab Gitlab
Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »