CVE-2022-2884
high-risk
Published 2022-10-17
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code execution via the Import from GitHub API endpoint
Do I need to act?
!
67.7% chance of exploitation in next 30 days
EPSS score — higher than 32% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
+
Fix available
Upgrade to: 0c79d82b990686515ff26b5f7f68dfd52e6d0a9f, 3317b9ff0d3673d6a67aef803cfbb47d6889d403, 518311979e3d061392974d361934fcb3d8892638
9
CVSS 9.9/10
Critical
NETWORK
/ LOW complexity
Affected Vendors
References (8)
Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2884.json
Third Party Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/371098
Permissions Required
https://hackerone.com/reports/1672388
Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2884.json
Third Party Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/371098
Permissions Required
https://hackerone.com/reports/1672388
66
/ 100
high-risk
Severity
33/34 · Critical
Exploitability
26/34 · High
Exposure
7/34 · Low