An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to attach a malicious runner to any project.
Published: 2023-05-08T21:15:10.997
Last modified: 2025-01-29T18:15:44.907
Status: Modified
CVSSv3.1: 9.6 (CRITICAL)
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | gitlab | gitlab | < 15.9.7 | Yes |
Application | gitlab | gitlab | < 15.10.6 | Yes |
Application | gitlab | gitlab | < 15.11.2 | Yes |