CVE-2020-13295: For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF.

high8.8CVSS 3.1

AVNACLPRLUINSUCHIHAH

For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF.

8 ranges

Vendor	Product	Version range	Fixed in
gitlab	gitlab	—	—
gitlab	gitlab_runner	—	—
gitlab	gitlab_runner	—	—
gitlab	gitlab_runner	—	—
gitlab	gitlab_runner	—	—
gitlab	runner	>= 1.0 < 13.0.12	13.0.12
gitlab	runner	>= 13.1 < 13.1.6	13.1.6
gitlab	runner	>= 13.2 < 13.2.3	13.2.3

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

osv8.8HIGH