CVE-2022-2251
Description
Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user.
References
Permissions RequiredThird Party Advisory
Vendor Advisory
ExploitIssue TrackingVendor Advisory
CvssV3 impact
Could not find any metrics
CvssV2 impact
Could not find any metrics