CVE-2022-2185

HIGH8.8EPSS 87.0%

發布日:2024/3/6修改日:2025/4/3

也稱為:BIT-gitlab-2022-2185

描述

A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.

受影響套件(1)

Bitnami/gitlab>= 14.0.0, < 14.10.5, >= 15.0.0, < 15.0.4, >= 15.1.0, < 15.1.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

參考連結(4)

WEBhttps://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2185.json
WEBhttps://gitlab.com/gitlab-org/gitlab/-/issues/366088
WEBhttps://hackerone.com/reports/1609965
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2022-2185