Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2022-2884 — OS Command Injection in Gitlab
Severity
9.9 CRITICAL (NVD)
EPSS
67.7%
top 1.41%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Oct 17
Latest update: Jun 18
Description
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.1 | Impact: 6.0
Affected Packages: 5 packages
Vulnerability Details
Exploits & PoCs
Vendor Advisories
GitLab: CVE-2022-2884: A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3.1 allows an authenticated... (2022-10-17)
Debian: CVE-2022-2884: gitlab - A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1... (2022)
Threat Intelligence
Qualys: September 2022 Patch Tuesday | Microsoft Releases 63 Vulnerabilities With 5 Critical, Plus 16 Microsoft Edge (Chromium-Based); Adobe Releases 7 Advisories, 63 Vulnerabilities With 35 Critical. (2022-09-13)
Research Papers
arXiv: A Smart City Infrastructure Ontology for Threats, Cybercrime, and Digital Forensic Investigation (2025-02-07)