CVE-2020-13347

gitlab-org/cves

on gitlab

gitlab-org/gitlab-runner

on gitlab

Published

October 7, 2020

Severity

CVSS v3:

9.1 CRITICAL

CVSS v2:

9 HIGH

Description

A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable.

References

https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26725
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13347.json
https://hackerone.com/reports/955016

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:gitlab:gitlab:::::community:::*	12.0.0 (including)	13.2.4	*
cpe:2.3:a:gitlab:gitlab:::::enterprise:::*	12.0.0 (including)	13.2.4	*
cpe:2.3:a:gitlab:gitlab:::::community:::*	13.3.0 (including)	13.3.2	*
cpe:2.3:a:gitlab:gitlab:::::enterprise:::*	13.3.0 (including)	13.3.2	*
cpe:2.3:a:gitlab:gitlab:::::community:::*	13.4.0 (including)	13.4.1	*
cpe:2.3:a:gitlab:gitlab:::::enterprise:::*	13.4.0 (including)	13.4.1	*

External Links

NVD - CVE-2020-13347