Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab runner vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2022-2228
Information exposure in GitLab EE affecting all versions from 12.0 before 14.10.5, 15.0 before 15.0.4, and 15.1 before 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access restrictions even if the GitLab Runner ...
Gitlab Gitlab 15.1.0
Gitlab Gitlab
668
VMScore
CVE-2022-0735
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 prior to 14.6.5, all versions starting from 14.7 prior to 14.7.4, all versions starting from 14.8 prior to 14.8.2. An unauthorised user was able to steal runner registration tokens through an ...
Gitlab Gitlab
490
VMScore
CVE-2019-15721
An issue exists in GitLab Community and Enterprise Edition 10.8 up to and including 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings.
Gitlab Gitlab
383
VMScore
CVE-2020-13350
CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9.
Gitlab Gitlab
356
VMScore
CVE-2022-1099
Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions before 14.7.7, 14.8 before 14.8.5, and 14.9 before 14.9.2 allows an malicious user to impact the performance of GitLab
Gitlab Gitlab
NA
CVE-2023-2478
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 15.9.7, all versions starting from 15.10 prior to 15.10.6, all versions starting from 15.11 prior to 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a G...
Gitlab Gitlab
445
VMScore
CVE-2018-20500
An insecure permissions issue exists in GitLab Community and Enterprise Edition 9.4 and later but prior to 11.4.13, 11.5.x prior to 11.5.6, and 11.6.x prior to 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of the m...
Gitlab Gitlab
578
VMScore
CVE-2017-0918
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.
Gitlab Gitlab
Debian Debian Linux 9.0
668
VMScore
CVE-2017-0915
Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.
Gitlab Gitlab
Debian Debian Linux 9.0
383
VMScore
CVE-2017-0917
Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting.
Gitlab Gitlab
Debian Debian Linux 9.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
malicious code
XML injection
CVE-2024-28020
CVE-2024-35252
CVE-2024-5833
CVE-2024-30066
injection
CVE-2024-23282
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »