Gitlab CE/EE - Remote Code Execution (CVE-2022-2884)
- CVSSv3 Score
- Vulnerability description
Gitlab CE/EE is affected by a remote code execution vulnerability in the "Import from Github" API endpoint. The impacted versions are 11.3.4-15.1.5, 15.2-15.2.3 and 15.3-15.3.1. The root cause is insufficient validation of user input in the "Import from Github" API endpoint, which allows a malicious authenticated attacker to execute arbitrary code on the server.
- Risk description
The risk is that a remote authenticated attacker can fully compromise the Gitlab CE/EE server in order to steal confidential information, install ransomware or pivot into the internal network.
Upgrade the Gitlab CE/EE server to the latest version, or at least to version 15.1.5, 15.2.3 or 15.3.1 of the respective release branch.
- Not available