Lucene search

[email protected]NVD:CVE-2022-2992

HistoryOct 17, 2022 - 4:15 p.m.

CVE-2022-2992

2022-10-1716:15:21

CWE-74

[email protected]

web.nvd.nist.gov

gitlab

ce/ee

vulnerability

remote code execution

github api

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

0.028 Low

EPSS

Percentile

90.8%

JSON

A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.

Affected configurations

NVD

Node

gitlabgitlabRange11.10–15.1.6community

gitlabgitlabRange11.10–15.1.6enterprise

gitlabgitlabRange15.2–15.2.4community

gitlabgitlabRange15.2–15.2.4enterprise

gitlabgitlabRange15.3–15.3.2community

gitlabgitlabRange15.3–15.3.2enterprise

References

packetstormsecurity.com/files/171008/GitLab-GitHub-Repo-Import-Deserialization-Remote-Code-Execution.html

gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2992.json

gitlab.com/gitlab-org/gitlab/-/issues/371884

hackerone.com/reports/1679624

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

0.028 Low

EPSS

Percentile

90.8%

JSON

Related for NVD:CVE-2022-2992

packetstorm1 metasploit1 githubexploit3 nessus2 veracode1 osv2 zdt1 ubuntucve1 prion1 debiancve1 cve1 cvelist1 rapid7blog1 wallarmlab1 freebsd1