CVE-2022-2251

Published
View on NVD ↗
CVSS v3
4.8
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS

Description

Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user.

gitlab-org/cves
gitlab-org/cves
This project hosts the CVEs that have been assigned by GitLab in its role as a CNA. See https://about.gitlab.com/security/cve/ for more information
GitLabGitLab
22
gitlab-org/gitlab-runner
gitlab-org/gitlab-runner
GitLab Runner is the open source project that is used to run your CI/CD jobs and send the results back to GitLab
GitLabGitLab
2.56K