CVE-2022-2251

CWE-78 — OS Command Injection CWE-77 — Command Injection CWE-20 — Improper Input Validation7 documents7 sources

Severity

8.0HIGH

EPSS

2.2%

top 15.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Runner Gitlab Gitlab Runner

Timeline

PublishedJan 17

Description

Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶NVDgitlab/runner15.4.0 — 15.4.4+2

▶CVEListV5gitlab/gitlab_runner<15.3.5, >=15.4, <15.4.4, >=15.5, <15.5.2+2

🔴Vulnerability Details

OSV

CVE-2022-2251: Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15↗2023-01-17

▶

GHSA

GHSA-cxfq-cc8j-j2pp: Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15↗2023-01-17

▶

CVEList

CVE-2022-2251: Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15↗2023-01-17

▶

📋Vendor Advisories

GitLab

CVE-2022-2251: Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a↗2023-01-17

▶

CISA

Apache Struts Improper Input Validation Vulnerability↗2022-03-25

▶

Debian

CVE-2022-2251: gitlab - Improper sanitization of branch names in GitLab Runner affecting all versions pr...↗2022

▶