) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:gitlab:runner:12.9.0:rc1:*:*:*:*:*:*
- CPE Name Search: true
There are 2 matching records.
Displaying matches 1 through 2.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2022-2251 |
Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user. Published: January 17, 2023; 4:15:12 PM -0500 |
V3.1: 8.0 HIGH V2.0:(not available) |
| CVE-2020-13295 |
For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF. Published: August 10, 2020; 10:15:13 AM -0400 |
V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |