CVE-2022-2884

Summary

A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code execution via the Import from GitHub API endpoint

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=11.3.4, <15.1.5affected
GitLabGitLab>=15.2, <15.2.3affected
GitLabGitLab>=15.3, <15.3.1affected

Weaknesses

  • Improper neutralization of special elements used in an os command ('os command injection') in GitLab

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References