Gitlab Runner
Approved changes feed: RSS · Atom
cpe:2.3:a:gitlab:gitlab_runner:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90) |
|---|---|
| Product | Gitlab Runner (38b8c210-7da7-5bfa-83cd-f7ef3d7fc064) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/gitlabhq/gitlab-runner |
purl2cpe | 2026-06-01 10:14:46.819819 |
pkg:github/janwillies/gitlab-runner |
purl2cpe | 2026-06-01 10:14:46.819821 |
pkg:github/lunixbochs/gitlab-runner |
purl2cpe | 2026-06-01 10:14:46.819823 |
pkg:gitlab/gitlab-org/gitlab-runner |
purl2cpe | 2026-06-01 10:14:46.819824 |
pkg:rpm/opensuse/gitlab-runner |
purl2cpe | 2026-06-01 10:14:46.819825 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-2251 |
vulnerable | 2026-06-03 14:47:05.835982 |
Details available
MEDIUM (4.8)
Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user.
Published: 2023-01-17T00:00:00.000Z
Updated: 2025-04-08T18:20:55.756Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-39947 |
vulnerable | 2026-06-03 14:45:09.880029 |
Details available
MEDIUM (5.3)
In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs
Published: 2022-06-06T16:48:14.000Z
Updated: 2024-08-04T02:20:34.198Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-39939 |
vulnerable | 2026-06-03 14:45:09.876753 |
Details available
MEDIUM (6.5)
An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to exhaust resources on runner manager
Published: 2021-12-13T15:48:02.000Z
Updated: 2024-08-04T02:20:34.025Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-13347 |
vulnerable | 2026-06-03 14:41:36.556179 |
Details available
CRITICAL (9.1)
A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable.
Published: 2020-10-07T13:14:16.000Z
Updated: 2024-08-04T12:18:17.532Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-13327 |
vulnerable | 2026-06-03 14:41:36.539697 |
Details available
MEDIUM (6)
An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments
Published: 2020-10-22T20:05:58.000Z
Updated: 2024-08-04T12:18:17.093Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-13295 |
vulnerable | 2026-06-03 14:41:36.527544 |
Details available
MEDIUM (5.4)
For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF.
Published: 2020-08-10T13:32:12.000Z
Updated: 2024-08-04T12:11:19.550Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.