CVE-2022-2251

Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user.
References
Link Resource
https://hackerone.com/reports/1063511 Permissions Required Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2251.json Vendor Advisory
https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386 Exploit Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:runner:*:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:runner:*:*:*:*:*:*:*:*
cpe:2.3:a:gitlab:runner:*:*:*:*:*:*:*:*

History

25 Jan 2023, 03:34

Type Values Removed Values Added
CPE cpe:2.3:a:gitlab:runner:*:*:*:*:*:*:*:*
References (MISC) https://hackerone.com/reports/1063511 - (MISC) https://hackerone.com/reports/1063511 - Permissions Required, Third Party Advisory
References (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2251.json - (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2251.json - Vendor Advisory
References (MISC) https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386 - (MISC) https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27386 - Exploit, Issue Tracking, Vendor Advisory
CWE CWE-77
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.0
First Time Gitlab runner
Gitlab

17 Jan 2023, 23:01

Type Values Removed Values Added
New CVE

Information

Published : 2023-01-17 21:15

Updated : 2023-01-25 03:34


NVD link : CVE-2022-2251

Mitre link : CVE-2022-2251


JSON object : View

Products Affected

gitlab

  • runner
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')