← LibraryTechnique entry
CI-GITLAB-RUNNER-TAGSPrivilege Escalation
GitLab CI Tag Reuse Across Projects
Untagged jobs from any project land on shared runners — read shared runner state (Docker socket, caches) for cross-tenant escape.
§ Where this technique fits
CI-GITLAB-RUNNER-TAGS is catalogued under the Privilege Escalation tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.