CVE-2022-2251

4.8MEDIUM

Key Information:

Vendor: Gitlab
Status: Gitlab Runner
Vendor: CVE Published:; 17 January 2023

Summary

Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user.

Affected Version(s)

GitLab Runner <15.3.5 < 15.3.5

GitLab Runner >=15.4, <15.4.4 < 15.4, 15.4.4

GitLab Runner >=15.5, <15.5.2 < 15.5, 15.5.2

References

https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386

https://hackerone.com/reports/1063511

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE...

EPSS Score

2% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 17, 2023
Vulnerability Reserved
Jun 29, 2022

Collectors

NVD DatabaseMitre Database

Credit

Thanks [stanlyoncm](https://hackerone.com/stanlyoncm) for reporting this vulnerability through our HackerOne bug bounty program