CVE-2022-2185
CVSS 3.1: 8.8 (HIGH)
EPSS: 87.0%
Description
A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.
How to fix CVE-2022-2185
To remediate CVE-2022-2185, upgrade the affected package to a fixed version below.
- Bitnami/gitlab: upgrade to 14.10.5 or later
Is CVE-2022-2185 being exploited?
Likely — EPSS is 87.0%, placing CVE-2022-2185 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (1)
- >= 14.0.0, < 14.10.5
- >= 15.0.0, < 15.0.4
- >= 15.1.0, < 15.1.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (8.8) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |