vulnerability
FreeBSD: VID-e6b994e2-2891-11ed-9be7-454b1dd82c64 (CVE-2022-2527): Gitlab -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:M/Au:S/C:C/I:C/A:N) | Aug 30, 2022 | Nov 4, 2022 | Mar 25, 2026 |
Severity
8
CVSS
(AV:N/AC:M/Au:S/C:C/I:C/A:N)
Published
Aug 30, 2022
Added
Nov 4, 2022
Modified
Mar 25, 2026
Description
Gitlab reports: Remote Command Execution via GitHub import Stored XSS via labels color Content injection via Incidents Timeline description Lack of length validation in Snippets leads to Denial of Service Group IP allow-list not fully respected by the Package Registry Abusing Gitaly.GetTreeEntries calls leads to denial of service Arbitrary HTTP Requests Possible in .ipynb Notebook with Malicious Form Tags Regular Expression Denial of Service via special crafted input Information Disclosure via Arbitrary GFM references rendered in Incident Timeline Events Regex backtracking through the Commit message field Read repository content via LivePreview feature Denial of Service via the Create branch API Denial of Service via Issue preview IDOR in Zentao integration leaked issue details Brute force attack may guess a password even when 2FA is enabled
Solution
freebsd-upgrade-package-gitlab-ce
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.