A critical vulnerability discovered in GitLab Community could enable an attacker to steal runner registration tokens.
The vulnerability, announced in a GitLab security advisory, affects all versions.
If this vulnerability is exploited, an unauthorized user can steal runner registration tokens through an information disclosure vulnerability using quick actions commands.
TPRM report: https://scoringcyber.rankiteo.com/company/gitlab-com
{
  "id": "git1372322",
  "linkid": "gitlab-com",
  "type": "Vulnerability",
  "date": "03/2022",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'Technology',
'name': 'GitLab',
'type': 'Software Company'}],
'attack_vector': 'Quick Actions Commands',
'data_breach': {'type_of_data_compromised': 'Runner Registration Tokens'},
'description': 'A critical vulnerability discovered in GitLab Community could '
'enable an attacker to steal runner registration tokens. The '
'vulnerability announced in GitLab security advisory affects '
'all versions. If this vulnerability is exploited then an '
'unauthorized user can steal runner registration tokens '
'through an information disclosure vulnerability using quick '
'actions commands.',
'impact': {'data_compromised': 'Runner Registration Tokens'},
'references': [{'source': 'GitLab Security Advisory'}],
'title': 'Critical Vulnerability in GitLab Community',
'type': 'Information Disclosure',
'vulnerability_exploited': 'Information Disclosure Vulnerability'}