Vulnerability Description
A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 11.10, < 15.1.6 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/171008/GitLab-GitHub-Repo-Import-Deserializ
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2992.jsonThird Party Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/371884Broken LinkThird Party Advisory
- https://hackerone.com/reports/1679624Permissions RequiredThird Party Advisory
- http://packetstormsecurity.com/files/171008/GitLab-GitHub-Repo-Import-Deserializ
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2992.jsonThird Party Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/371884Broken LinkThird Party Advisory
- https://hackerone.com/reports/1679624Permissions RequiredThird Party Advisory
FAQ
What is CVE-2022-2992?
CVE-2022-2992 is a vulnerability with a CVSS score of 9.9 (CRITICAL). A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitH...
How severe is CVE-2022-2992?
CVE-2022-2992 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-2992?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.