CVE-2021-39947

CWE-200 — Information Exposure6 documents5 sources

Severity

7.5HIGH

EPSS

0.2%

top 60.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Gitlab Runner

Timeline

PublishedJun 6

Latest updateAug 24

Description

In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

▶NVDgitlab/gitlab_runner14.4.0 — 14.4.2+2

▶CVEListV5gitlab/gitlab_runner<14.3.4, >=14.4, <14.4.2, >=14.5, <14.5.2+2

Patches

Patch: gitlab.com ↗Patch: gitlab.com ↗

🔴Vulnerability Details

OSV

fastdds vulnerabilities↗2023-08-24

▶

GHSA

GHSA-hwx9-v7rw-v3qm: In specific circumstances, trace file buffers in GitLab Runner versions up to 14↗2022-06-07

▶

OSV

CVE-2021-39947: In specific circumstances, trace file buffers in GitLab Runner versions up to 14↗2022-06-06

▶

CVEList

CVE-2021-39947: In specific circumstances, trace file buffers in GitLab Runner versions up to 14↗2022-06-06

▶

📋Vendor Advisories

GitLab

CVE-2021-39947: In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descrip↗2022-06-06

▶