HomePentest-Tools.com Logo

Gitlab CE/EE - Remote Code Execution CVE-2022-2884

Severity
CVSSv3 Score
9.9
Vulnerability description

Gitlab CE/EE is affected by a Remote Code Execution, located on the Import from Github API endpoint. The versions impacted are those between 11.3.4-15.1.5, 15.2-15.2.3, or 15.3-15.3.1. The root cause of this vulnerability consists in insufficient validation of user input in the "Import from Github" API Endpoint. This allows a malicious authenticated attacker to execute arbitrary code on the server.

Risk description

The risk exists that a remote authenticated attacker can fully compromise the Gitlab CE/EE server in order to steal confidential information, install ransomware or pivot to the internal network.

Recommendation

Upgrade the Gitlab CE/EE server to the latest version or to a version higher than or equal to 15.1.5, 15.2.3, 15.3.1.

Codename
Not available
Detectable with
Network Scanner
Scan engine
Sniper
Exploitable with Sniper
No
CVE Published
Aug 22, 2022
Detection added at
Software Type
Collaboration software
Vendor
GitLab
Product
Server