vulnerability
Gitlab Gitlab: CVE-2022-2992: Improper Neutralization of Special Elements in Output Used by a Downstream Component
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Oct 17, 2022 | Apr 22, 2025 | Sep 18, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Oct 17, 2022
Added
Apr 22, 2025
Modified
Sep 18, 2025
Description
A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
Solution
gitlab-gitlab-upgrade-latest
References
- CWE-74
- CVE-2022-2992
- https://attackerkb.com/topics/CVE-2022-2992
- URL-http://packetstormsecurity.com/files/171008/GitLab-GitHub-Repo-Import-Deserialization-Remote-Code-Execution.html
- URL-https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2992.json
- URL-https://gitlab.com/gitlab-org/gitlab/-/issues/371884
- URL-https://hackerone.com/reports/1679624
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.