Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab runner vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-2228
Information exposure in GitLab EE affecting all versions from 12.0 before 14.10.5, 15.0 before 15.0.4, and 15.1 before 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access restrictions even if the GitLab Runner ...
Gitlab Gitlab 15.1.0
Gitlab Gitlab
9.8
CVSSv3
CVE-2022-0735
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 prior to 14.6.5, all versions starting from 14.7 prior to 14.7.4, all versions starting from 14.8 prior to 14.8.2. An unauthorised user was able to steal runner registration tokens through an ...
Gitlab Gitlab
5.4
CVSSv3
CVE-2019-15721
An issue exists in GitLab Community and Enterprise Edition 10.8 up to and including 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings.
Gitlab Gitlab
4.3
CVSSv3
CVE-2020-13350
CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9.
Gitlab Gitlab
4.3
CVSSv3
CVE-2022-1099
Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions before 14.7.7, 14.8 before 14.8.5, and 14.9 before 14.9.2 allows an malicious user to impact the performance of GitLab
Gitlab Gitlab
6.5
CVSSv3
CVE-2023-2478
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 15.9.7, all versions starting from 15.10 prior to 15.10.6, all versions starting from 15.11 prior to 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a G...
Gitlab Gitlab
7.5
CVSSv3
CVE-2018-20500
An insecure permissions issue exists in GitLab Community and Enterprise Edition 9.4 and later but prior to 11.4.13, 11.5.x prior to 11.5.6, and 11.6.x prior to 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of the m...
Gitlab Gitlab
8.8
CVSSv3
CVE-2017-0918
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.
Gitlab Gitlab
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2017-0915
Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.
Gitlab Gitlab
Debian Debian Linux 9.0
8.8
CVSSv3
CVE-2017-0926
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.
Gitlab Gitlab
Debian Debian Linux 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »