GCVE - cpe:2.3:a:gitlab:runner:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gitlab:runner:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Gitlab (`57573e99-56e6-5fad-895e-0ce7fffc5b90`)
Product	Runner (`ef9a0ce5-865b-5a6c-b3ba-b2c7f279002c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:docker/gitlab/gitlab-runner`	purl2cpe	2026-06-01 10:14:46.622734
`pkg:github/gitlabhq/gitlab-runner`	purl2cpe	2026-06-01 10:14:46.622736
`pkg:gitlab/gitlab-org/gitlab-runner`	purl2cpe	2026-06-01 10:14:46.622738
`pkg:rpm/opensuse/gitlab-runner`	purl2cpe	2026-06-01 10:14:46.622739

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-2251`	vulnerable	2026-06-03 14:47:05.836647	Details available MEDIUM (4.8) Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user. Published: 2023-01-17T00:00:00.000Z Updated: 2025-04-08T18:20:55.756Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386 https://hackerone.com/reports/1063511 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2251.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-13327`	vulnerable	2026-06-03 14:41:36.539727	Details available MEDIUM (6) An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments Published: 2020-10-22T20:05:58.000Z Updated: 2024-08-04T12:18:17.093Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833 https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-13295`	vulnerable	2026-06-03 14:41:36.528131	Details available MEDIUM (5.4) For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF. Published: 2020-08-10T13:32:12.000Z Updated: 2024-08-04T12:11:19.550Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/209096 https://hackerone.com/reports/809248 https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13295.json	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.