First published: Thu Oct 22 2020(Updated: )
An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab Runner | >=13.2.0<13.2.10 | |
GitLab Runner | >=13.3.0<13.3.7 | |
GitLab Runner | >=13.4.0<13.4.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2020-13327.
The title of this vulnerability is 'Insecure Runner Configuration in Kubernetes Environments'.
All versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, and all versions starting from 13.2.0 before 13.2.10 of GitLab Runner are affected by this vulnerability.
The severity rating of this vulnerability is 7.5 (high).
You can find more information about this vulnerability at the following references: [CVE-2020-13327](https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13327.json), [GitLab Runner Issue #26833](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26833).