Vulnerability Description
A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 14.0.0, < 14.10.5 |
Related Weaknesses (CWE)
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2185.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/366088Broken Link
- https://hackerone.com/reports/1609965Permissions RequiredThird Party Advisory
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2185.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/366088Broken Link
- https://hackerone.com/reports/1609965Permissions RequiredThird Party Advisory
FAQ
What is CVE-2022-2185?
CVE-2022-2185 is a vulnerability with a CVSS score of 9.9 (CRITICAL). A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to impo...
How severe is CVE-2022-2185?
CVE-2022-2185 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-2185?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.