Skip to main content

Runner

3 CVEs product

Monthly

CVE-2022-39321 CRITICAL PATCH Act Now

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Docker Command Injection Runner
NVD GitHub
CVSS 3.1
9.9
EPSS
1.5%
CVE-2020-13327 HIGH This Week

An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes Gitlab Information Disclosure Runner
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-13295 HIGH This Week

For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab SSRF Runner
NVD
CVSS 3.1
8.8
EPSS
1.2%
EPSS 1% CVSS 9.9
CRITICAL PATCH Act Now

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Docker Command Injection Runner
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes Gitlab Information Disclosure +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab SSRF Runner
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy