CVE-2017-7669: Privilege escalation

June 4, 2017 (updated June 9, 2017)

The LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root.

References

seclists.org/oss-sec/2017/q2/394
bugzilla.redhat.com/show_bug.cgi?id=1448373
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7669

Code Behaviors & Features

Detect and mitigate CVE-2017-7669 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →