Critical Vulnerability in GitLab

Published on 24 Aug 2022

Updated on 24 Aug 2022

GitLab has released a security update to address a critical vulnerability (CVE-2022-2884) in GitLab Community Edition (CE) and Enterprise Edition (EE). The vulnerability carries a Common Vulnerability Scoring System (CVSS) base score of 9.9 out of 10.

The vulnerability affects all versions of GitLab CE and EE starting from version 11.3.4 before 15.1.5, 15.2 before 15.2.3, and 15.3 before 15.3.1.

Successful exploitation of the vulnerability could allow any authenticated user to achieve remote code execution on the GitLab server via the Import from GitHub API endpoint.

Administrators and users running affected GitLab CE or EE versions are advised to upgrade immediately to the patched release for the branch they are on (15.3.1, 15.2.3 or 15.1.5).
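The affected ranges above are easy to misread when a GitLab instance reports a version string such as "15.2.1-ee". The following script is an added example, not part of this advisory and not GitLab's own tooling: it encodes the three affected ranges exactly as stated, decides whether a given version string falls inside one of them, and names the patched release for that branch. The JSON sample passed to version_from_api_response is constructed for illustration; on a real instance the same body comes from GET /api/v4/version (which requires an authenticated API token).

```python
"""Check a self-managed GitLab version against the CVE-2022-2884 affected ranges.

Added example; not part of the advisory or of GitLab itself. The version
ranges and fixed releases are the ones stated in the advisory text.
"""
import json
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (first affected version, first fixed version) for each release branch,
# taken from the advisory: 11.3.4 before 15.1.5, 15.2 before 15.2.3,
# and 15.3 before 15.3.1.
AFFECTED_RANGES = [
    ((11, 3, 4), (15, 1, 5)),
    ((15, 2, 0), (15, 2, 3)),
    ((15, 3, 0), (15, 3, 1)),
]


def parse_version(text: str) -> Version:
    """Reduce strings like '15.2.1', '15.2.1-ee' or '15.2.1-ce.0' to (major, minor, patch).

    GitLab appends an edition suffix to the version it reports; the suffix is
    irrelevant to the affected ranges, so only the numeric triple is compared.
    """
    match = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def affected_range(version: str) -> Optional[Tuple[Version, Version]]:
    """Return the (first affected, first fixed) pair the version falls into, or None."""
    parsed = parse_version(version)
    for first_affected, first_fixed in AFFECTED_RANGES:
        # Tuple comparison gives correct numeric ordering, e.g. 14.10.0 > 14.9.0.
        if first_affected <= parsed < first_fixed:
            return (first_affected, first_fixed)
    return None


def is_affected(version: str) -> bool:
    """True if the running version is inside one of the advisory's affected ranges."""
    return affected_range(version) is not None


def recommended_upgrade(version: str) -> Optional[str]:
    """Patched release for the branch the version is on, or None if not affected."""
    found = affected_range(version)
    if found is None:
        return None
    return ".".join(str(part) for part in found[1])


def version_from_api_response(body: str) -> str:
    """Extract the version string from a GET /api/v4/version response body."""
    return json.loads(body)["version"]


if __name__ == "__main__":
    # Constructed sample of what /api/v4/version returns; a real check would run
    #   curl --header "PRIVATE-TOKEN: <token>" https://gitlab.example.com/api/v4/version
    # and feed the body to version_from_api_response.
    sample_body = '{"version":"15.2.1-ee","revision":"0000000"}'
    running = version_from_api_response(sample_body)
    if is_affected(running):
        print(f"{running}: AFFECTED by CVE-2022-2884, upgrade to {recommended_upgrade(running)}")
    else:
        print(f"{running}: not in an affected range")
```

Versions older than 11.3.4 are reported as not affected only because the advisory does not list them; they are out of support and should be upgraded regardless.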


More information is available here:

https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/#Remote%20Command%20Execution%20via%20Github%20import