Skip to content
  • Home

Cybernoz – Cybersecurity News

Search

GitLab – GitLab-Runner on Windows `DOCKER_AUTH_CONFIG` container host Command Injection

 Cybernoz  May 8, 2024  Posted in Mix

GitLab - GitLab-Runner on Windows `DOCKER_AUTH_CONFIG` container host Command Injection

HackerOne bug report to GitLab: GitLab-Runner, when running on Windows with a docker executor, is vulnerable to Command Injection via the DOCKER_AUTH_CONFIG build variable. Injected commands are executed on the container host, not within a Docker container, as such could compromise all future builds which are executed by the runner.



Source link

Post navigation

LockBit gang claimed responsibility for the attack on City of Wichita →
← IntelBroker Hacker Claims Breach of Top Cybersecurity Firm, Selling Access

Latest Posts

  • WA man jailed for at least five years for evil twin attack
  • Sydney Metro looking to appoint temporary CIO
  • SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 73
  • Security Affairs newsletter Round 552 by Pierluigi Paganini – INTERNATIONAL EDITION
  • Quttera Launches “Evidence-as-Code” API to Automate Security Compliance for SOC 2 and PCI DSS v4.0

Copyright © 2025 Cybernoz - Cybersecurity News

Design by ThemesDNA.com