Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-2185

A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.

Published

2022-07-01T16:15:08.093

Last Modified

2024-11-21T07:00:30.037

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.9 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gitlab	gitlab	< 14.10.5	Yes
Application	gitlab	gitlab	< 14.10.5	Yes
Application	gitlab	gitlab	< 15.0.4	Yes
Application	gitlab	gitlab	< 15.0.4	Yes
Application	gitlab	gitlab	15.1.0	Yes
Application	gitlab	gitlab	15.1.0	Yes

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2185.json Vendor Advisory ([email protected])
https://gitlab.com/gitlab-org/gitlab/-/issues/366088 Broken Link ([email protected])
https://hackerone.com/reports/1609965 Permissions Required, Third Party Advisory ([email protected])
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2185.json Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gitlab-org/gitlab/-/issues/366088 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1609965 Permissions Required, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)