CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-2251
https://notcve.org/view.php?id=CVE-2022-2251
Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2251.json https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386 https://hackerone.com/reports/1063511 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-13295
https://notcve.org/view.php?id=CVE-2020-13295
For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF. Para GitLab Runner versiones anteriores a 13.0.12, 13.1.6, 13.2.3, al reemplazar dockerd con un servidor malicioso, Shared Runner es susceptible a un ataque de tipo CSRF • https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json https://gitlab.com/gitlab-org/gitlab/-/issues/209096 https://hackerone.com/reports/809248 • CWE-918: Server-Side Request Forgery (SSRF) •