CVE-2022-2185

HIGH8.8EPSS 87.0%

Published: 3/6/2024Modified: 4/3/2025

Description

A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.

Affected packages (1)

Bitnami/gitlab>= 14.0.0, < 14.10.5, >= 15.0.0, < 15.0.4, >= 15.1.0, < 15.1.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (4)

WEBhttps://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2185.json
WEBhttps://gitlab.com/gitlab-org/gitlab/-/issues/366088
WEBhttps://hackerone.com/reports/1609965
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2022-2185