Command Injection Vulnerability in GitLab Runner on Windows Systems
CVE-2020-13347

9.1CRITICAL

Key Information:

Vendor
Gitlab
Status
Gitlab Runner
Vendor
CVE Published:
7 October 2020

Summary

A command injection vulnerability exists in GitLab Runner when configured on Windows systems with a Docker executor. This flaw allows an attacker to execute arbitrary commands on the Windows host system by exploiting the DOCKER_AUTH_CONFIG build variable. If implemented incorrectly, the configuration could lead to unauthorized access and complete control over the system, underscoring the importance of applying the latest updates to prevent potential exploitation.

Affected Version(s)

GitLab Runner >=12.0.0, <13.2.4 < 12.0.0, 13.2.4

GitLab Runner >=13.3.0, <13.3.2 < 13.3.0, 13.3.2

GitLab Runner >=13.4.0, <13.4.1 < 13.4.0, 13.4.1

References

https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26725
x_refsource_MISC
https://hackerone.com/reports/955016
x_refsource_MISC
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE...
x_refsource_CONFIRM

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Thanks [ajxchapman](https://hackerone.com/ajxchapman) for reporting this vulnerability through our HackerOne bug bounty program
.