CVE-2022-2251: OS Command Injection
First published: Tue Jan 17 2023(Updated: )
Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab Runner | <15.3.5 | |
| GitLab Runner | >=15.4.0<15.4.4 | |
| GitLab Runner | >=15.5.0<15.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-2251?
CVE-2022-2251 is a vulnerability in GitLab Runner that allows a user to execute commands in the runner as another user by creating a branch with a specially crafted name.
What versions of GitLab Runner are affected by CVE-2022-2251?
All versions of GitLab Runner prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 are affected by CVE-2022-2251.
How can the CVE-2022-2251 vulnerability be exploited?
The CVE-2022-2251 vulnerability can be exploited by creating a branch with a specially crafted name and getting another user to trigger a pipeline.
What is the severity of the CVE-2022-2251 vulnerability?
The severity of the CVE-2022-2251 vulnerability is high with a CVSS score of 8 out of 10.
Where can I find more information about CVE-2022-2251?
You can find more information about CVE-2022-2251 on the GitLab CVE page and the GitLab Runner GitHub issue page.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/gitlab
- canonical/gitlab runner
- version/gitlab runner/15.4.0
- version/gitlab runner/15.5.0