Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2022-2185
HistoryJul 01, 2022 - 12:00 a.m.

CVE-2022-2185

2022-07-0100:00:00
ubuntu.com
ubuntu.com
45

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.634 Medium

EPSS

Percentile

97.8%

JSON

A critical issue has been discovered in GitLab affecting all versions
starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior
to 15.1.1 where an authenticated user authorized to import projects could
import a maliciously crafted project leading to remote code execution.

Notes

Author Note
sbeattie introduced in gitlab 14.0

Related

osv 2
cvelist 1
githubexploit 2
veracode 1
hackerone 2
checkpoint_advisories 1
nessus 2
cnvd 1
openvas 1
prion 1
debiancve 1
cve 1
nuclei 1
wallarmlab 1
freebsd 1
osv
osv
BIT-gitlab-2022-2185
2024-03-06 11:15:35
CVE-2022-2185
2022-07-01 16:15:08
cvelist
cvelist
CVE-2022-2185
2022-07-01 15:50:03
githubexploit
githubexploit
Exploit for OS Command Injection in Gitlab
2022-07-29 11:14:03
Exploit for OS Command Injection in Gitlab
2022-07-02 07:58:01
veracode
veracode
Remote Code Execution (RCE)
2023-08-06 22:42:08
hackerone
hackerone
GitLab: RCE via the DecompressedArchiveSizeValidator and Project BulkImports (behind feature flag)
2022-06-23 03:05:28
GitLab: Unauthorized access
2022-08-14 23:06:00
checkpoint_advisories
checkpoint_advisories
GitLab Community and Enterprise Edition Command Injection (CVE-2022-2185)
2022-11-17 00:00:00
nessus
nessus
GitLab 14.0 < 14.10.5 / 15.0 < 15.0.4 / 15.1 < 15.1.1 (CVE-2022-2185)
2022-07-07 00:00:00
FreeBSD : Gitlab -- multiple vulnerabilities (d1b35142-ff4a-11ec-8be3-001b217b3468)
2022-07-09 00:00:00
cnvd
cnvd
GitLab Remote Code Execution Vulnerability
2022-07-01 00:00:00
openvas
openvas
GitLab 14.0.x < 14.10.5, 15.0.x < 15.0.4, 15.1.x < 15.1.1 Command Injection Vulnerability
2022-07-07 00:00:00
prion
prion
Remote code execution
2022-07-01 16:15:00
debiancve
debiancve
CVE-2022-2185
2022-07-01 16:15:00
cve
cve
CVE-2022-2185
2022-07-01 16:15:00
nuclei
nuclei
GitLab CE/EE - Remote Code Execution
2022-09-14 16:27:45
wallarmlab
wallarmlab
GitLab Security Issues: Six Months of Vulnerabilities
2022-08-01 13:31:27
freebsd
freebsd
Gitlab -- multiple vulnerabilities
2022-06-30 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.634 Medium

EPSS

Percentile

97.8%

JSON
Related for UB:CVE-2022-2185
osv2cvelist1githubexploit2veracode1hackerone2checkpoint_advisories1nessus2cnvd1openvas1prion1debiancve1cve1nuclei1wallarmlab1freebsd1