CVE-2020-13327

6MEDIUM

Key Information:

Vendor
Gitlab
Status
Gitlab Runner
Vendor
CVE Published:
22 October 2020

Summary

An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments

Affected Version(s)

GitLab Runner >=13.4.0, <13.4.2 < 13.4.0, 13.4.2

GitLab Runner >=13.3.0, <13.3.7 < 13.3.0, 13.3.7

GitLab Runner >=13.2.0, <13.2.10 < 13.2.0, 13.2.10

References

https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833
x_refsource_MISC
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE...
x_refsource_CONFIRM

CVSS V3.1

Score:
6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

This vulnerability has been discovered internally by the GitLab team
.