Remote Code Execution Vulnerability in GitLab GitHub Import API (CVE-2022-2992)
A remote code execution vulnerability (CVE-2022-2992) affecting GitLab CE/EE from 11.10 before 15.1.6, 15.2 before 15.2.4, and 15.3 before 15.3.2 allows any authenticated user to execute arbitrary code through the Import from GitHub API endpoint. It is fixed in 15.1.6, 15.2.4 and 15.3.2; until an upgrade is possible, disabling GitHub as an import source removes the vulnerable entry point.
GitLab is an integrated software development platform based on Git, developed by GitLab Inc.
Affected versions of GitLab contain a remote code execution vulnerability closely related to CVE-2022-2884 (patched only a week earlier in 15.3.1): an authenticated user can achieve remote code execution on the GitLab server by submitting a crafted request to the Import from GitHub API endpoint.
Because the code runs with the privileges of the GitLab application, an attacker who holds any valid account on the instance can execute arbitrary commands and potentially take over the whole GitLab instance and the repositories, secrets and CI configuration it hosts.
Vulnerability Name
GitHub Import API Remote Code Execution in GitLab
Vulnerability Type
Code Injection
Discovery Date
2022/8/31
Severity
Medium (MPS rating; GitLab's own advisory rates it Critical, CVSS 9.9)
MPS ID
MPS-2022-56071
CVE ID
CVE-2022-2992
CNVD ID
-
Impact Range
GitLab versions [11.10, 15.1.6)
GitLab versions [15.2, 15.2.4)
GitLab versions [15.3, 15.3.2)
Mitigation
Upgrade GitLab to 15.1.6 or later.
Upgrade GitLab to 15.2.4 or later.
Upgrade GitLab to 15.3.2 or later.
If you cannot upgrade immediately, disable GitHub as an import source (Admin Area > Settings > General > Visibility and access controls > Import sources, or remove "github" from `import_sources` via the application settings API). This blocks the vulnerable endpoint but is a stopgap, not a fix.
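The following triage script is an added example, not code from GitLab or from the advisory. It decides whether an instance falls in one of the affected ranges above and whether the GitHub import source (the entry point for this bug) is enabled. It assumes only the shape of two real GitLab REST responses, `GET /api/v4/version` (`{"version": "15.3.1-ee", ...}`) and `GET /api/v4/application/settings` (`{"import_sources": [...], ...}`); the JSON bodies embedded below are constructed for the demonstration, so it runs offline.

```python
"""Triage helper for CVE-2022-2992 (added example, not GitLab's own code).

Assumes the affected ranges from the advisory and the response shapes of
GET /api/v4/version and GET /api/v4/application/settings. Sample JSON
below is constructed, not captured from a real instance.
"""
import json
import re

# Affected ranges as half-open intervals [lower, upper) of (major, minor, patch).
AFFECTED_RANGES = [
    ((11, 10, 0), (15, 1, 6)),
    ((15, 2, 0), (15, 2, 4)),
    ((15, 3, 0), (15, 3, 2)),
]


def parse_version(version):
    """Turn '15.3.1-ee', '15.2.0-pre' or '15.1' into a comparable tuple.

    Edition suffixes are ignored; a missing patch component counts as 0.
    """
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version):
    """True if the version sits inside any of the published affected ranges."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def github_import_enabled(settings):
    """settings: parsed JSON from GET /api/v4/application/settings."""
    return "github" in settings.get("import_sources", [])


def assess(version_json, settings_json):
    """Combine both checks into a single verdict dict."""
    version = json.loads(version_json)["version"]
    settings = json.loads(settings_json)
    vulnerable = is_affected(version)
    import_on = github_import_enabled(settings)
    exposed = vulnerable and import_on
    if not vulnerable:
        advice = "patched release; no action needed for CVE-2022-2992"
    elif exposed:
        advice = ("VULNERABLE: upgrade to 15.1.6/15.2.4/15.3.2 or later; "
                  "until then remove 'github' from import_sources")
    else:
        advice = "affected release but GitHub import disabled; upgrade as soon as possible"
    return {
        "version": version,
        "affected_release": vulnerable,
        "github_import_enabled": import_on,
        "exposed": exposed,
        "advice": advice,
    }


# Constructed sample responses (stand-ins for the two API calls).
SAMPLE_VERSION = '{"version": "15.3.1-ee", "revision": "0000000"}'
SAMPLE_SETTINGS = ('{"import_sources": ["github", "gitlab_project", "git"], '
                   '"signup_enabled": false}')

if __name__ == "__main__":
    print(json.dumps(assess(SAMPLE_VERSION, SAMPLE_SETTINGS), indent=2))
```

Against a live instance, fetch the two endpoints with an administrator's `PRIVATE-TOKEN` header and pass the raw bodies to `assess()`. The same `/api/v4/application/settings` endpoint accepts a `PUT` with a new `import_sources` list, which is the API route to the stopgap mitigation; remember that the check only tells you the endpoint is reachable, so re-enabling GitHub import must wait until the instance is on a patched release.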