PT-2020-13488 · Gitlab · Gitlab Runner+1
Published 2020-10-07 · Updated 2024-03-06
CVE-2020-13347
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Gitlab runner versions prior to 13.2.4
Gitlab runner versions prior to 13.3.2
Gitlab runner versions prior to 13.4.1
Description
A command injection issue was discovered. When the runner is configured on a Windows system with a docker executor, it allows an attacker to run arbitrary commands on the Windows host via the DOCKER_AUTH_CONFIG build variable.
Recommendations
For versions prior to 13.2.4, update to version 13.2.4 or later.
For versions prior to 13.3.2, update to version 13.3.2 or later.
For versions prior to 13.4.1, update to version 13.4.1 or later.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Gitlab
Gitlab Runner