CVE-2020-13347

Published
View on NVD ↗
CVSS v3
9.1
CRITICAL
CVSS v2
9
HIGH
Affected
2
PROJECTS

Description

A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable.

gitlab-org/cves
gitlab-org/cves
This project hosts the CVEs that have been assigned by GitLab in its role as a CNA. See https://about.gitlab.com/security/cve/ for more information
GitLabGitLab
22
gitlab-org/gitlab-runner
gitlab-org/gitlab-runner
GitLab Runner is the open source project that is used to run your CI/CD jobs and send the results back to GitLab
GitLabGitLab
2.56K