Vulnerability Description
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code execution via the Import from GitHub API endpoint
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 11.3.4, < 15.1.5 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/171628/GitLab-15.3-Remote-Code-Execution.ht
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2884.jsonThird Party Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/371098Third Party Advisory
- https://hackerone.com/reports/1672388Permissions RequiredThird Party Advisory
- http://packetstormsecurity.com/files/171628/GitLab-15.3-Remote-Code-Execution.ht
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2884.jsonThird Party Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/371098Third Party Advisory
- https://hackerone.com/reports/1672388Permissions RequiredThird Party Advisory
FAQ
What is CVE-2022-2884?
CVE-2022-2884 is a vulnerability with a CVSS score of 9.9 (CRITICAL). A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code execution via the Impo...
How severe is CVE-2022-2884?
CVE-2022-2884 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-2884?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.