Lucene search
Veracode Vulnerability DatabaseVERACODE:38902HistoryJan 18, 2023 - 2:17 a.m.
Command Injection
2023-01-1802:17:51
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
gitlab-runner
command injection
vulnerability
user input
pipeline
runner
EPSS
0.005
Percentile
77.8%
github.com/gitlabhq/gitlab-runner is vulnerable to Command Injection. The vulnerability exists because the library does not properly escape user input commands, allowing an attacker to create a branch with a specially crafted name and get another user to trigger a pipeline to execute commands in the runner as that other user.
Related
patchstack
patchstack
debiancve
debiancve
CVE-2022-2251
2023-01-17 21:15:12
prion
prion
Design/Logic Flaw
2023-01-17 21:15:00
osv
osv
BIT-gitlab-runner-2022-2251
2024-03-06 10:52:15
CVE-2022-2251
2023-01-17 21:15:12
nvd
nvd
CVE-2022-2251
2023-01-17 21:15:12
cve
cve
CVE-2022-2251
2023-01-17 21:15:12
ubuntucve
ubuntucve
CVE-2022-2251
2023-01-17 00:00:00
wpvulndb
wpvulndb
AnyMind Widget <= 1.1 - Stored Cross-Site Scripting via CSRF
2022-07-05 00:00:00
cvelist
cvelist
CVE-2022-2251
2023-01-17 00:00:00
nessus
nessus
GitLab 0.0 < 15.3.5 / 15.4 < 15.4.4 / 15.5 < 15.5.2 (CVE-2022-2251)
2022-11-04 00:00:00
freebsd
freebsd
Gitlab -- Multiple vulnerabilities
2022-11-02 00:00:00