CVE-2020-13295: SSRF
First published: Mon Aug 10 2020(Updated: )
For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab Runner | >=1.0<13.0.12 | |
| GitLab Runner | >=13.1<13.1.6 | |
| GitLab Runner | >=13.2<13.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this GitLab Runner vulnerability?
The vulnerability ID for this GitLab Runner vulnerability is CVE-2020-13295.
What is the severity of CVE-2020-13295?
The severity of CVE-2020-13295 is high with a severity value of 8.8.
Which versions of GitLab Runner are affected by CVE-2020-13295?
GitLab Runner versions before 13.0.12, 13.1.6, 13.2.3 are affected by CVE-2020-13295.
What is the vulnerability description of CVE-2020-13295?
CVE-2020-13295 is a vulnerability in GitLab Runner where the Shared Runner is susceptible to SSRF by replacing dockerd with a malicious server.
How can I fix CVE-2020-13295?
To fix CVE-2020-13295, update GitLab Runner to version 13.0.12, 13.1.6, or 13.2.3 or later.
- collector/nvd-index
- agent/weakness
- vendor/gitlab
- canonical/gitlab runner
- version/gitlab runner/1.0
- version/gitlab runner/13.1
- version/gitlab runner/13.2