CVE-2020-13327

Description

An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Affected products

gitlab / GitLab Runner>=13.4.0, <13.4.2 – >=13.4.0, <13.4.2
gitlab / GitLab Runner>=13.3.0, <13.3.7 – >=13.3.0, <13.3.7
gitlab / GitLab Runner>=13.2.0, <13.2.10 – >=13.2.0, <13.2.10

References

MISChttps://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833
MISChttps://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json