CVE-2022-2884
Published 2022-10-17
Priority: P185 · critical · 9.9 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploit: available
EPSS: 75.72% (99.5th percentile)
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, and 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 15.10.8+ds1-2 (sid) | gitlab 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 11.3.4 < 15.1.5 | 15.1.5 |
| gitlab | gitlab | >= 15.2 < 15.2.3 | 15.2.3 |
| gitlab | gitlab | >= 15.3 < 15.3.1 | 15.3.1 |
| gitlab | gitlab_ce | — | — |
Detection & IOCs (extracted from sources)
- The exploit spins up a fake GitHub server (a Flask app) on the attacker's machine and supplies its address and port to GitLab's import API. Detect outbound connections from the GitLab server to non-GitHub IP addresses on unusual ports (the exploit defaults to 1337) during import operations.
- The fake GitHub server exposes routes mimicking GitHub API v3 paths (/api/v3/repos, /api/v3/users, /repositories). Detect GitLab making outbound HTTP requests to these paths on hosts other than github.com.
- The exploit requires a valid GitLab private token (-pt/--private-token). Investigate any recently created or compromised GitLab personal access tokens used in conjunction with import API calls around the time of suspected exploitation.
- Affected versions are GitLab CE/EE 11.3.4 through 15.1.4, 15.2.0 through 15.2.2, and 15.3.0. Identify unpatched instances in the environment as a priority for detection and patching.
- Exploitation requires an authenticated GitLab user (valid credentials or a private token); unauthenticated attackers cannot directly exploit this vulnerability.
- The exploit was tested specifically against the gitlab/gitlab-ce:15.3.0-ce.0 Docker container image; behaviour may differ on other deployment types or versions.
- The attacker's machine must be network-reachable from the GitLab server to serve the fake GitHub API responses; air-gapped or strictly egress-filtered GitLab deployments may limit exploitability.
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| osv | 9.9 | CRITICAL | — |
| vendor_debian | 9.9 | CRITICAL | — |
| vendor_redhat | 7.8 | HIGH | — |
GHSA
GHSA-mjcr-h6w7-xcx6 · ghsa_unreviewed · 2022-10-17 · CVE-2022-2884 [CRITICAL] · CWE-78
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, and 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
OSV
osv · 2022-10-17 · CVSS 9.9 · CVE-2022-2884 [CRITICAL]
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, and 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
Red Hat
CVE-2022-50022 [HIGH] · CWE-416 · vendor_redhat · 2025-06-18 · CVSS 7.8
kernel: drivers:md:fix a potential use-after-free bug
In the Linux kernel, the following vulnerability has been resolved:
drivers:md:fix a potential use-after-free bug
In line 2884, "raid5_release_stripe(sh);" drops the reference to sh and may cause sh to be released. However, sh is subsequently used in line 2886, "if (sh->batch_head && sh != sh->batch_head)". This may result in a use-after-free bug.
It can be fixed by moving "raid5_release_stripe(sh);" to the bottom of the function.
A use-after-free bug exists in the Linux kernel: the line "raid5_release_stripe(sh);" drops the reference to sh and may cause sh to be released. However, sh is subsequently used in the line "if (sh->batch_head && sh != sh->batch_head)", resulting in a minor application crash.
GitLab
vendor_gitlab · 2022-10-17 · CVSS 9.9 · CVE-2022-2884 [CRITICAL] · CWE-78
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, and 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
Debian
vendor_debian · 2022 · CVSS 9.9 · CVE-2022-2884 [CRITICAL] · gitlab
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, and 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
No detection rules found.
arXiv
A Smart City Infrastructure Ontology for Threats, Cybercrime, and Digital Forensic Investigation
arxiv_fulltext · 2025-02-07
Yee Ching Tok, Davis Yang Zheng, Sudipta Chattopadhyay (Singapore Univ. of Tech. and Design, Singapore)
## Abstract
Cybercrime and the market for cyber-related compromises are becoming attractive revenue sources for state-sponsored actors, cybercriminals and technical individuals affected by financial hardships. Due to burgeoning cybercrime on new technological frontiers, efforts have been made to assist digital forensic investigators (DFI) and law enforcement agencies (LEA) in their investigative efforts.
Qualys
September 2022 Patch Tuesday | Microsoft Releases 63 Vulnerabilities With 5 Critical, Plus 16 Microsoft Edge (Chromium-Based); Adobe Releases 7 Advisories, 63 Vulnerabilities With 35 Critical.
blogs_qualys · 2022-09-13 · CVSS 5.6 · [MEDIUM]
## Table of Contents
- Microsoft Patch Tuesday Summary
- The September 2022 Microsoft Vulnerabilities Are Classified As Follows:
- Notable Microsoft Vulnerabilities Patched
- Zero-Day Vulnerabilities Addressed
- Microsoft Important Vulnerability Highlights
- Microsoft Edge | Last But Not Least
- Adobe Security Bulletins and Advisories
- About Qualys Patch Tuesday
- Qualys Threat Protection High-Rated Advisories from August to September 2022 Patch Tuesday Advisory
- Discover and Prioritize Vulnerabilities in Vulnerability Management Detection Response (VMDR)
- Rapid Response With Patch Management (PM)
- Evaluate Vendor-Suggested Workarounds With Policy Compliance
- Qualys This Month in Vulnerabilities and Patches Webinar Series
- Join the Webinar This Month in Vulnerabilities & Patches
Bugzilla
CVE-2022-50022 [HIGH] · bugzilla · 2025-06-18 · CVSS 7.8
CVE-2022-50022 kernel: drivers:md:fix a potential use-after-free bug
Discussion:
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2025061835-CVE-2022-50022-98b6@gregkh/T
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Red Hat Enterprise Linux 8.4 Extended Upd
References
- http://packetstormsecurity.com/files/171628/GitLab-15.3-Remote-Code-Execution.html
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2884.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/371098
- https://hackerone.com/reports/1672388
Published: 2022-10-17