CVE-2020-13347

9.1CRITICAL

Key Information:

Vendor: Gitlab
Status: Gitlab Runner
Vendor: CVE Published:; 7 October 2020

Summary

A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable.

Affected Version(s)

GitLab Runner >=12.0.0, <13.2.4 < 12.0.0, 13.2.4

GitLab Runner >=13.3.0, <13.3.2 < 13.3.0, 13.3.2

GitLab Runner >=13.4.0, <13.4.1 < 13.4.0, 13.4.1

References

https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26725

x_refsource_MISC

https://hackerone.com/reports/955016

x_refsource_MISC

https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Oct 7, 2020
Vulnerability Reserved
May 21, 2020

Collectors

NVD DatabaseMitre Database

Credit

Thanks [ajxchapman](https://hackerone.com/ajxchapman) for reporting this vulnerability through our HackerOne bug bounty program