CVE-2022-2251
on gitlab
Published
Severity
CVSS v3: 8 HIGH
CVSS v2: N/A
Description
Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user to execute commands in the runner as another user by creating a branch with a specially crafted name and getting that other user to trigger a pipeline.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:gitlab:runner:*:*:*:*:*:*:*:* | 15.5.0 (including) | 15.5.2 | * |
cpe:2.3:a:gitlab:runner:*:*:*:*:*:*:*:* | 15.4.0 (including) | 15.4.4 | * |
cpe:2.3:a:gitlab:runner:*:*:*:*:*:*:*:* | n/a | 15.3.5 | * |