vulnerability
Gitlab Gitlab: CVE-2022-2884: Improper Neutralization of Special Elements used in an OS Command
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Oct 17, 2022 | Apr 22, 2025 | Sep 18, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Oct 17, 2022
Added
Apr 22, 2025
Modified
Sep 18, 2025
Description
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code execution via the Import from GitHub API endpoint
Solution
gitlab-gitlab-upgrade-latest
References
- CWE-78
- CVE-2022-2884
- https://attackerkb.com/topics/CVE-2022-2884
- URL-http://packetstormsecurity.com/files/171628/GitLab-15.3-Remote-Code-Execution.html
- URL-https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2884.json
- URL-https://gitlab.com/gitlab-org/gitlab/-/issues/371098
- URL-https://hackerone.com/reports/1672388
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.