| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2022-2185 | 1 Jul 2022 16:15 | – | attackerkb |
| The vulnerability of the Git-based software platform for collaborative code development on GitLab arises from the improper assignment of permissions to critical resources, allowing a violator to execute arbitrary code. | 5 Sep 2022 00:00 | – | bdu_fstec |
| CVE-2022-2185 | 1 Jul 2022 20:43 | – | circl |
| GitLab OS Command Injection Vulnerability | 1 Jul 2022 00:00 | – | cnnvd |
| GitLab Remote Code Execution Vulnerability | 1 Jul 2022 00:00 | – | cnvd |
| GitLab Community and Enterprise Edition Command Injection (CVE-2022-2185) | 17 Nov 2022 00:00 | – | checkpoint_advisories |
| CVE-2022-2185 | 1 Jul 2022 15:50 | – | cve |
| CVE-2022-2185 | 1 Jul 2022 15:50 | – | cvelist |
| Gitlab -- multiple vulnerabilities | 30 Jun 2022 00:00 | – | freebsd |
| CVE-2022-2185 | 1 Jul 2022 15:50 | – | debiancve |
```yaml
id: CVE-2022-2185

info:
  name: GitLab CE/EE - Remote Code Execution
  author: GitLab Red Team
  severity: high
  description: GitLab CE/EE 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 is susceptible to remote code execution. An authenticated user authorized to import projects can import a maliciously crafted project, thus possibly being able to execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
  remediation: |
    Apply the latest security patches provided by GitLab to mitigate this vulnerability.
  reference:
    - https://gitlab.com/gitlab-com/gl-security/threatmanagement/redteam/redteam-public/cve-hash-harvester
    - https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2185.json
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2185
    - https://nvd.nist.gov/vuln/detail/CVE-2022-2185
    - https://gitlab.com/gitlab-org/gitlab/-/issues/366088
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2022-2185
    cwe-id: CWE-78
    epss-score: 0.76884
    epss-percentile: 0.9949
    cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
  metadata:
    max-request: 1
    vendor: gitlab
    product: gitlab
    shodan-query:
      - http.title:"GitLab"
      - cpe:"cpe:2.3:a:gitlab:gitlab"
      - http.title:"gitlab"
    fofa-query: title="gitlab"
    google-query: intitle:"gitlab"
  tags: cve,cve2022,gitlab,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/users/sign_in"

    redirects: true
    max-redirects: 3

    # Version fingerprint: the sign-in page references a compiled asset named
    # application-<sha256>.css; the hashes below belong to affected GitLab builds.
    matchers:
      - type: word
        words:
          - "003236d7e2c5f1f035dc8b67026d7583ee198b568932acd8faeac18cec673dfa"
          - "1062bbba2e9b04e360569154a8df8705a75d9e17de1a3a9acd5bd20f000fec8b"
          - "1832611738f1e31dd00a8293bbf90fce9811b3eea5b21798a63890dbc51769c8"
          - "1ae98447c220181b7bd2dfe88018cb6e1b1e4d12d7b8c224d651a48ed2d95dfe"
          - "1d765038b21c5c76ff8492561c29984f3fa5c4b8cfb3a6c7b216ac8ab18b78c7"
          - "1d840f0c4634c8813d3056f26cbab7a685d544050360a611a9df0b42371f4d98"
          - "2ea7e9be931f24ebc2a67091b0f0ff95ba18e386f3d312545bb5caaac6c1a8be"
          - "301b60d2c71a595adfb65b22edee9023961c5190e1807f6db7c597675b0a61f0"
          - "383b8952f0627703ada7774dd42f3b901ea2e499fd556fce3ae0c6d604ad72b7"
          - "4f233d907f30a050ca7e40fbd91742d444d28e50691c51b742714df8181bf4e7"
          - "50d9206410f00bb00cc8f95865ab291c718e7a026e7fdc1fc9db0480586c4bc9"
          - "515dc29796a763b500d37ec0c765957a136c9e1f1972bb52c3d7edcf4b6b8bbe"
          - "57e83f1a3cf7c0fe3cf2357802306688dab60cf6a30d00e14e67826070db92de"
          - "5cd37ee959b5338b5fb48eafc6c7290ca1fa60e653292304102cc19a16cc25e4"
          - "5df2cb13ec314995ea43d698e888ddb240dbc7ccb6e635434dc8919eced3e25f"
          - "6a58066d1bde4b6e661fbd5bde83d2dd90615ab409b8c8c36e04954fbd923424"
          - "6eb5eaa5726150b8135a4fd09118cfd6b29f128586b7fa5019a04f1c740e9193"
          - "6fa9fec63ba24ec06fcae0ec30d1369619c2c3323fe9ddc4849af86457d59eef"
          - "739a920f5840de93f944ec86c5a181d0205f1d9e679a4df1b9bf5b0882ab848a"
          - "775f130d36e9eb14cb67c6a63551511b87f78944cebcf6cdddb78292030341df"
          - "7d0792b17e1d2ccac7c6820dda1b54020b294006d7867b7d78a05060220a0213"
          - "8b78708916f28aa9e54dacf9c9c08d720837ce78d8260c36c0f828612567d353"
          - "90abf7746df5cb82bca9949de6f512de7cb10bec97d3f5103299a9ce38d5b159"
          - "95ae8966ec1e6021f2553c7d275217fcfecd5a7f0b206151c5fb701beb7baf1e"
          - "a4333a9de660b9fc4d227403f57d46ec275d6a6349a6f5bda0c9557001f87e5d"
          - "a6d68fb0380bece011b0180b2926142630414c1d7a3e268fb461c51523b63778"
          - "a743f974bacea01ccc609dcb79247598bd2896f64377ce4a9f9d0333ab7b274e"
          - "a8bf3d1210afa873d9b9af583e944bdbf5ac7c8a63f6eccc3d6795802bd380d2"
          - "ba74062de4171df6109c4c96da1ebe2b538bb6cc7cd55867cbdfba44777700e1"
          - "c91127b2698c0a2ae0103be3accffe01995b8531bf1027ae4f0a8ad099e7a209"
          - "cfa6748598b5e507db0e53906a7639e2c197a53cb57da58b0a20ed087cc0b9d5"
          - "e539e07c389f60596c92b06467c735073788196fa51331255d66ff7afde5dfee"
          - "f8ba2470fbf1e30f2ce64d34705b8e6615ac964ea84163c8a6adaaf8a91f9eac"
          - "ff058b10a8dce9956247adba2e410a7f80010a236b2269fb53e0df5cd091e61d"
        condition: or

    # Capture the asset hash so the matched build can be reported.
    extractors:
      - type: regex
        group: 1
        regex:
          - '(?:application-)(\S{64})(?:\.css)'
# digest: 4a0a00473045022038d3dc69d03f325d028c23de769fcf0e1d2cd887cd41994106032f9807b4a3b1022100c3f62cec0c70836b7a652bc096058b1f73aead96019e2a7cd21d50ddcdd35fd1:922c64590222798bb761d5b6d8e72950
```