A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2185.json | Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/366088 | Broken Link |
https://hackerone.com/reports/1609965 | Permissions Required Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-78 |
29 Oct 2022, 02:49
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 8.8 |
19 Jul 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution. |
08 Jul 2022, 23:20
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-732 | |
References | (MISC) https://gitlab.com/gitlab-org/gitlab/-/issues/366088 - Broken Link | |
References | (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2185.json - Vendor Advisory | |
References | (MISC) https://hackerone.com/reports/1609965 - Permissions Required, Third Party Advisory | |
First Time |
Gitlab
Gitlab gitlab |
|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CPE | cpe:2.3:a:gitlab:gitlab:15.1.0:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:15.1.0:*:*:*:enterprise:*:*:* |
01 Jul 2022, 16:19
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-01 16:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-2185
Mitre link : CVE-2022-2185
CVE.ORG link : CVE-2022-2185
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')