For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF.
2020-08-10T14:15:13.047
2024-11-21T05:00:58.400
Modified
CVSSv3.1: 5.4 (MEDIUM)
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.0
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | gitlab | runner | < 13.0.12 | Yes |
Application | gitlab | runner | < 13.1.6 | Yes |
Application | gitlab | runner | < 13.2.3 | Yes |