Critical GitLab Vulnerability Could Allow Attackers To Steal Runner Registration Tokens

By ISBuzz Team
Writer, Information Security Buzz | Mar 03, 2022 12:37 pm PST

It has been reported that a critical vulnerability in both GitLab Community Edition and Enterprise Edition could enable an attacker to steal runner registration tokens. The vulnerability, which affects all versions from 12.10 to 14.6.4, all versions starting from 14.7 to 14.7.3, and all versions starting from 14.8 to 14.8.1, was announced in a security advisory from GitLab. If exploited, it allows an unauthorized user to steal runner registration tokens through an information disclosure vulnerability using quick actions commands. It has been assigned a CVSS score of 9.6 and has been patched in the latest releases: 14.8.2, 14.7.4, and 14.6.5 for GitLab Community Edition (CE) and Enterprise Edition (EE).
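To check an inventory of instances against the version ranges above, the following added example (not code from GitLab or from this article) classifies each version string and names the patched release for its line. The hostnames and versions in the sample inventory are constructed, and the function names are illustrative.

```python
import re

# Affected ranges and patched releases exactly as stated in the article.
# Each entry: (first affected, last affected, patched release for that line).
AFFECTED = [
    ((12, 10, 0), (14, 6, 4), (14, 6, 5)),
    ((14, 7, 0), (14, 7, 3), (14, 7, 4)),
    ((14, 8, 0), (14, 8, 1), (14, 8, 2)),
]

def parse_version(raw):
    """Turn '14.7.3-ee', 'v14.6.4' or '13.12' into a (major, minor, patch) tuple."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?", raw.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {raw!r}")
    return tuple(int(g or 0) for g in m.groups())

def assess(raw):
    """Return (affected, patched_release_or_None) for one version string."""
    v = parse_version(raw)
    for first, last, fixed in AFFECTED:
        if first <= v <= last:
            return True, ".".join(map(str, fixed))
    return False, None

def triage(inventory):
    """Map hostname -> status for a dict of hostname -> reported version."""
    report = {}
    for host, raw in sorted(inventory.items()):
        try:
            affected, fixed = assess(raw)
        except ValueError as exc:
            # Unparseable versions need manual review, not a silent pass.
            report[host] = f"UNKNOWN ({exc})"
            continue
        report[host] = (f"AFFECTED, patched in {fixed}" if affected
                        else "not in affected range")
    return report

if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = {
        "gitlab-a.example": "14.7.3-ee",
        "gitlab-b.example": "14.8.2",
        "gitlab-c.example": "13.12.15",
        "gitlab-d.example": "unknown",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```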